A report based on insights from more than 400 billion emails sent in 2025 and a global survey of over 1,200 bulk senders found that nearly 18% of emails fail to reach the inbox, putting up to a fifth of potential ROI at risk for many organizations. And that’s not counting spam folder placement. These are emails that were accepted by mail servers, processed, and then disappeared anyway before a human eye could see them.
But what’s more concerning is the fact that fewer than half of the organizations surveyed could confidently measure email ROI, even though 60% of those that do reported great returns. So the problem isn’t that email doesn’t work, but rather that most of the time, you can’t see whether it does.
This month had some answers: uncomfortable ones, overdue ones, and some still being worked out. Here’s what happened this month in email deliverability in 2026.
Key takeaways
- Nearly 18% of emails never reach the inbox, and fewer than half of sending organizations can actually measure why. Microsoft pushed its Basic Authentication deadline to December 2026, Gmail’s AI is now suppressing up to 40% of delivered emails before anyone sees them, and DMARC adoption remains low, with 70.9% of monitored domains still unprotected.
- AI is being used widely in email, but mostly for content generation, which is the least impactful use case. Teams applying it to segmentation, complaint prediction, and send optimization report measurable gains in deliverability performance.
Microsoft draws a hard line, then moves it.
The other headline this month involves Microsoft, and it’s a little complicated.
Going into April, the industry was bracing for Microsoft’s April 30 cutoff for Basic Authentication on SMTP. This was supposed to mean that any device or application still using a username and password to send email through Exchange Online would go dark. Microsoft began blocking Basic Authentication for SMTP on March 1, 2026, with full enforcement expected by April 30.
But they seem to have backtracked since.
Microsoft has recently confirmed that the April 30 enforcement date would not be enforced immediately. Microsoft 365 tenants can now use Basic Authentication with SMTP AUTH to submit messages through Exchange Online until the end of December 2026, while new tenants created after that point will have no access to Basic Auth at all. The reasoning, per Microsoft, is that customers “face real challenges modernizing legacy email workflows.”
That’s diplomatic, but what it really means is that a big portion of enterprise infrastructure, like printers, scanners, line-of-business applications, and legacy CRMs, was simply not ready. Unauthenticated email is increasingly blocked or throttled, and domains without alignment between SPF, DKIM, and DMARC are treated as risky, so pushing the deadline buys time. It does not, however, change the destination.
Gmail’s AI inbox is now a deliverability variable
One thing we’ve all learned with deliverability over the years is that you can clear every technical hurdle and still lose. The word “delivered” increasingly doesn’t mean all that much.
Earlier this year, Google pushed Gmail’s Gemini AI features into broader availability. Gmail now uses AI Overviews to summarize email threads and answer questions, while a new AI Inbox filters out what it considers unimportant, prioritizing incoming messages based on data from contacts you email frequently and relationships inferred from message content.
Gmail’s AI creates a gradient of visibility within the primary inbox, which means that an email can reach the inbox but be effectively invisible if the AI deprioritizes it, and these days, up to 40% of emails reaching Gmail inboxes are being deprioritized by engagement-based filtering.
That 40% figure is not a bounce, and it won’t show up in your delivery rate. Your ESP dashboard will report a clean send, while your subscriber might never have scrolled past it.
Gmail’s AI evaluates the first 100–200 characters of your message body when generating summary text. Poorly structured emails may be deprioritized or incorrectly summarized, reducing engagement. Generic openers like “Hope this finds you well” are essentially handing Google the controls on how your email program is presented. Front-load the value, or let the algorithm decide what your audience sees.
DMARC adoption is still embarrassing
Two years after Google and Yahoo formalized DMARC (Domain-based Message Authentication, Reporting, and Conformance) requirements, the numbers haven’t moved a lot. As of March 2026, 70.9% of nearly one million monitored domains still have no effective DMARC protection. Only 10.7% have full protection at p=reject with pct=100. Another 18.4% have partial coverage.
That’s roughly seven in ten domains still either unprotected or in monitoring-only mode (p=none), which, as the industry has been saying for months, offers zero enforcement. With this in mind, expect mailbox providers to raise the bar on DMARC throughout the rest of 2026, with p=none increasingly treated as unverified rather than compliant.
The SPF 10-lookup limit is causing problems alongside this. As organizations add on more third-party tools from ESPs, CRMs, and email marketing platforms, many are reaching the DNS lookup limit. This results in a PermError, which means authentication fails, and in turn, inbox placement suffers. Alongside the DNS configuration, SPF (Sender Policy Framework) flattening has become one of the more important deliverability tasks of 2026.
What about AI?
AI adoption is widespread, but its impact remains uneven. Most companies are still focused on basic use cases such as content generation, while higher-impact applications like optimization, segmentation, and deliverability remain underutilized. But those that do use AI to its full capability are also reporting improved email performance. It seems that using AI to just write subject lines is not as optimal after all!
So if you’re using it to understand why specific segments disengage, to predict complaint risk before a campaign goes out, and to optimize send timing at a per-recipient level, you’re way ahead. Content generation is the easy part, but behavioral intelligence is the next significant step.
Kate Nowrouzi, VP of Deliverability at Sinch, put it like this:
“Using AI to generate content is a good starting point, but it’s not where the biggest impact happens.”
Final thoughts on email deliverability in 2026
After all this, what’s the big takeaway? Deliverability in 2026 is not something you can hand off to someone else. It impacts revenue directly and shows up in open rates that look fine, in campaigns that seem to perform well, and in dashboards that report nothing wrong while conversions go sideways.
Mailbox providers are only enforcing what their users actually want, and that is relevant mail, from legitimate senders who’ve earned it.
So if you want to keep your place in the inbox, check your authentication status, verify your lists, and watch what happens after the open. But if you don’t have 6 weeks to rebuild trust organically (and you probably don’t), try InboxAlly for free and accelerate the reputation work all major inbox providers respond to.
We’ll be back next month with more. For now, keep your eye on the behavior behind the numbers, and you’ll do fine.