Insights: how the inbox actually decides.
Most cold email content is tactics. Insights goes a layer down, into how providers classify, filter, and place mail, cited to primary sources so operators can decide from mechanism instead of folklore.
- Primary-source desk studies
- Every claim cited
- Peer-reviewed measurement literature
- Nothing asserted that cannot be verified
Papers
Gmail's 2026 Inbox Decision for High-Volume Cold Email: A Three-Layer Authentication, Reputation, and Engagement Model
A cited, integrated account of how Gmail routes a message to the inbox or spam: the mandatory authentication and formatting floor, the four published reputation bands, and the personalized machine-learning classifier where recipient engagement is described as central, and where the lexical tricks of folklore are, by design, inert.
Read the paper ›Email Authentication at Scale: A Systematic Review and 2026 Measurement of SPF and DMARC Deployment
A decade of deployment evidence, subgrouped by population and vantage so incompatible rates are never blended, plus our own reproducible 2026 measurement of the Tranco top million: SPF at 62.8 percent, DMARC at 47.2 percent, and about half of DMARC adopters now at an enforcing policy. Placement remains the field's open gap. Code and data published.
Read the paper ›Institutional Pressures and Organizational Compliance with Platform Mandates: Longitudinal Evidence from the Adoption of Email Authentication
What actually happened when Google and Yahoo turned authentication best practice into a requirement: a 42-month panel of 191,431 domains shows adoption jumping 9.6 points at the enforcement date, nearly twice as hard among consumer-facing senders, spreading through managed mail infrastructure and peer imitation, and, for most mandated adopters, stopping at the monitoring-only record that satisfies the letter of the rule. Code and data published.
Read the paper ›How these are held to account
Every paper is a desk study built on primary sources: provider postmaster documentation and engineering posts, the RFCs that define email authentication, industry guidance, and the published measurement literature, plus SpamCipher's own measured data where we have it. Before publication each paper passes an adversarial internal review, a citation audit against the live sources, and an independence audit. Self-publishing is not peer review, and we do not imply it is.
Written by Francis Davison, founder of SpamCipher.