The State of B2B Outbound Deliverability 2026

50%

have at least one deliverability gap — one in two.

37%

have DMARC published but not enforced (p=none) — monitoring spoofing, not blocking it.

18.5%

have no detectable DKIM — their mail goes out unsigned.

5.4%

have no DMARC at all — anyone can spoof their domain.

The quiet killer: DMARC set to `p=none`

The single most common finding wasn't a missing record — it was a record that looks done but isn't doing anything. 37% of companies publish a DMARC record set to p=none, which tells mailbox providers: "watch for spoofing, but don't actually do anything about it."

Most teams set p=none on day one to start collecting reports — and then never move to p=quarantine or p=reject. The result: you get the false comfort of "we have DMARC" with none of the protection. As you scale outbound, an unenforced domain slowly bleeds sender reputation, and anyone can impersonate you.

Unsigned mail and the "opens but no replies" trap

Nearly 1 in 5 (18.5%) had no DKIM signature we could detect on the common selectors. Unsigned mail is the fastest way to get filtered — and it's invisible from inside your own sending tool.

This is the mechanism behind the most expensive lie in outbound: your tool reports "opens" while your pipeline never materializes. The opens are often spam-filter prefetches and bots; the real prospects never saw the email because half of it landed in spam. You can send 10,000 emails from a broken domain and the dashboard will look fine the whole time.

No SPF → mailbox providers can't verify the sender. (Good news: 0% of our sample missed this — SPF is the one record everyone gets right.)
No DKIM → mail is unsigned and looks forgeable. 18.5%.
DMARC p=none → published but unenforced; spoofable; reputation erodes. 37%.
No DMARC → fully exposed. 5.4%.

What to do about it

Deliverability isn't the exciting part of outbound. It's just the part that decides whether anyone reads the email you spent an hour writing. Before you scale sending — or pay a vendor to scale it for you — fix the foundation:

Publish SPF, enable DKIM in your sending platform, and publish a DMARC record.
If your DMARC is at p=none, watch the reports for two weeks, then move to p=quarantine (then p=reject).
Re-check after every change. The whole point is that you can't see these problems from inside your sending tool.

Check your own domain — free, 60 seconds

Type your domain and get an instant A–F grade on SPF, DKIM, DMARC, and MX — the same live checks we ran across these 130 companies. No signup.

Run the Outbound Reality Check →

METHOD: We ran live DNS-over-HTTPS lookups (SPF on the apex TXT, DKIM across common public selectors, DMARC at _dmarc, plus MX) against 130 B2B companies in June 2026. "Has DKIM" means a valid, non-empty public key on a standard selector; a custom selector we didn't probe would read as absent. Honest numbers, no estimates. We publish our own outbound results on a public ledger at /proof.

The quiet killer: DMARC set to p=none

Unsigned mail and the "opens but no replies" trap

What to do about it

Check your own domain — free, 60 seconds

The quiet killer: DMARC set to `p=none`