Your Emails Aren’t Reaching the Inbox. We’ll Fix That — For Good.

What email deliverability is — and why it’s different from email security

Email deliverability is whether your legitimate outbound emails — invoices, quotes, marketing campaigns, transactional notifications, password resets — actually land in the recipient’s inbox instead of spam, junk or being silently bounced. Email security is about stopping bad email coming in (phishing, BEC, malware). They share some tools (SPF, DKIM, DMARC) but the commercial outcome is different. Deliverability buyers are usually marketing, sales operations or finance leaders worried that real emails are not getting through. Security buyers are usually IT or risk leaders worried about phishing. Most Australian businesses need both. Our email security service covers the inbound side; this page covers the outbound deliverability and DMARC enforcement side.

The deliverability problems we fix every week

• Real invoices and quotes landing in customer spam folders — usually missing or misaligned DKIM, broken SPF, or no DMARC at enforcement.
• Attackers spoofing your domain to send fake invoices to your own clients with your business name in the From field.
• Gmail and Yahoo bouncing your bulk email since the February 2024 sender requirements for 5,000+ messages per day.
• Microsoft bouncing your bulk email since the May 2025 sender requirements rollout.
• DMARC stuck on p=none for years, with nobody monitoring the reports — no real protection and no real deliverability uplift.
• SPF record over the 10-DNS-lookup limit — SPF silently breaks for every receiver and nobody notices until customers complain.
• Third-party senders (HubSpot, Mailchimp, Xero, ActiveCampaign, ServiceM8) failing DMARC alignment and dragging your deliverability down.
• BIMI not set up — you’re missing the verified-logo-in-inbox visibility your competitors are already using.

Our DMARC and deliverability service — six capabilities

1. DMARC setup & staged enforcement

We publish your DMARC monitor record (p=none) with aggregated reporting pointed at our aggregator, identify every legitimate sender from real-world report data over 2–4 weeks, fix each sender’s SPF and DKIM alignment, then move you to p=quarantine and finally p=reject. No "publish p=reject and hope" — we have never broken a client’s legitimate mail flow.

2. Ongoing DMARC monitoring

Aggregate DMARC XML reports parsed and turned into a plain-English monthly summary. Forensic alerts when a new sender starts using your domain. Pass/fail trends so you actually see your authentication posture improve month-on-month.

3. SPF repair & flattening

We fix the 10-DNS-lookup limit that quietly breaks SPF for businesses with many third-party senders. Macro-based flattening, consolidation of stale and duplicate include: records, and removal of expired senders.

4. DKIM setup & key rotation

DKIM signing configured for every legitimate sender on your domain, not just your mail platform. 2048-bit keys, scheduled rotation, multiple selectors. Per-sender DKIM for HubSpot, Mailchimp, Xero, ActiveCampaign, ServiceM8, Klaviyo, SendGrid and every other platform sending on your behalf.

5. MTA-STS & TLS-RPT

Enforce TLS encryption on inbound mail — stops downgrade and interception attacks. TLS-RPT reporting so you see if any sender fails to deliver to you securely. A required ingredient for serious deliverability and supply-chain email security.

6. BIMI & Verified Mark Certificates

Show your verified logo next to your business name in Gmail, Apple Mail, Yahoo and Fastmail inboxes. BIMI DNS record plus Verified Mark Certificate (VMC) coordination with your designer for the required SVG logo format. Higher open rates and instant visual brand trust on every email you send.

How a DMARC enforcement project actually runs

1. Week 1 — audit and publish monitor. Full SPF / DKIM / DMARC / MTA-STS / TLS-RPT / BIMI audit. Publish p=none with RUA aggregated reporting pointed at our aggregator.
2. Weeks 2–4 — identify every sender. Real-world DMARC reports come in. We map every legitimate sender, fix their alignment one at a time, and flag any unauthorised use of your domain for action.
3. Weeks 5–6 — move to quarantine. With every legitimate sender aligned, we move to p=quarantine and monitor for any breakage. Rollback ready at every stage if real mail starts dropping.
4. Weeks 7–10 — move to reject and maintain. Final move to p=reject, full enforcement. Ongoing monthly DMARC monitoring takes over to catch any new senders going forward and keep enforcement clean.

Pricing — one flat fee, optional monitoring

One flat price, in AUD. The one-off fix is $249 ex GST and covers the full audit, the fix for every issue the scanner surfaces (SPF, DKIM, DMARC, MTA-STS, BIMI), and the staged DMARC rollout from p=none through p=quarantine to p=reject. Optional ongoing DMARC monitoring — aggregated reports, monthly summary, alerts on new senders — is $49 ex GST per month, month-to-month, cancel any time. No hourly rates, no surprise add-ons, no quotes. Most agencies charge $2,500 or more for the same DMARC enforcement work and $90 or more per month for monitoring. We deliberately price flat because the deliverability problem itself is well-understood and the work is repeatable.

Third-party senders we configure regularly

Third-party senders are the number one cause of DMARC failures for SMBs. Every platform that sends email on your behalf needs to be properly configured to align with your domain — correct DKIM signing keys, custom return-path domains, SPF includes. Common platforms we deal with weekly: Microsoft 365, Google Workspace, HubSpot, Mailchimp, ActiveCampaign, Constant Contact, Campaign Monitor, Klaviyo, Xero, MYOB, ServiceM8, simPRO, AroFlo, Tradify, SendGrid, Mailgun, Postmark, Amazon SES, Zendesk, Intercom, Freshdesk, Cliniko, Halaxy, Power Diary, Cin7, Shopify, Squarespace, WordPress (WP Mail SMTP), and more.

Who this service is for

• SMBs sending invoices, quotes, statements or transactional email — you can’t afford for any of it to land in spam.
• Marketing-led businesses sending newsletters or campaign email — deliverability directly affects your open rates and ROI.
• Businesses caught out by the Gmail / Yahoo 2024 and Microsoft 2025 sender requirements.
• Businesses that have been spoofed — clients receiving fake invoices in your name — and need to lock the domain down.
• Compliance-sensitive industries (healthcare, allied health, financial services, legal, NDIS) where email impersonation is a real risk.
• Businesses migrating email platforms (Google Workspace to Microsoft 365 or vice-versa) who need authentication done properly during the cutover.

Where we provide email deliverability services

Email deliverability is a remote-delivery service by design — there is nothing physical to install on-site. We support Australian businesses in every state and territory, with on-site offices in Brisbane, Gold Coast, Sydney and Melbourne, and full remote coverage for Perth, Adelaide, Canberra, Hobart, Darwin and regional Australia.

• Email Security (inbound phishing & BEC protection)
• Managed IT Services Australia
• Cybersecurity Services
• Business IT Support Australia

Common questions about email deliverability and DMARC

What is DMARC and why does it matter?

DMARC (Domain-based Message Authentication, Reporting and Conformance) tells receiving mail servers what to do with email that claims to come from your domain but fails authentication. Without DMARC at enforcement (p=quarantine or p=reject) anyone can spoof your domain. DMARC at enforcement also dramatically improves deliverability because Gmail, Microsoft 365, Yahoo and Apple Mail all factor DMARC alignment into inbox placement decisions.

My DMARC record is at p=none. Is that enough?

No. A DMARC record at p=none does not stop anyone from spoofing your domain — it only tells receiving servers to send you reports. You only get real anti-spoofing protection and a deliverability uplift from major receivers once you are at p=quarantine or p=reject.

Will rolling out DMARC break my legitimate email?

It can if done badly — which is why we never publish p=reject on day one. A proper rollout starts with p=none, collects 2–6 weeks of real-world data, fixes every sender, then moves to quarantine and finally reject. We have done this for dozens of Australian businesses without breaking a single legitimate mail flow.

Gmail and Yahoo started rejecting our bulk email in 2024. Is this related?

Yes. In February 2024, Gmail and Yahoo introduced new sender requirements for anyone sending more than 5,000 emails per day — SPF, DKIM, DMARC alignment, one-click List-Unsubscribe headers, and low spam complaint rates. Microsoft followed in 2025 with similar rules. We fix the authentication side end-to-end so your bulk email lands in the inbox again.

How much does email deliverability and DMARC management cost?

A flat $249 ex GST one-off, in AUD. That covers the full audit, the fix for every issue the scanner surfaces (SPF, DKIM, DMARC, MTA-STS, BIMI) and the staged DMARC rollout from monitor to p=reject. Optional ongoing monitoring is $49 ex GST per month, cancel any time. No hourly rates, no surprise add-ons.

How long does a DMARC enforcement project take?

Typically 6–10 weeks end-to-end. It depends entirely on how many third-party senders need remediation and how quickly we can get DNS changes through their vendors.

What is BIMI?

BIMI (Brand Indicators for Message Identification) displays your verified logo next to your business name in Gmail, Apple Mail, Yahoo and Fastmail inboxes. It requires DMARC at enforcement, a published BIMI DNS record, and a paid Verified Mark Certificate for the major mailbox providers.

Can you take over our existing DMARC record?

Yes. We frequently inherit DMARC records that were set up years ago and stuck at p=none. We can take over reporting, audit current senders and move you toward enforcement — no need to start from scratch.

Are you Australia-wide?

Yes. Email deliverability is a remote-delivery service. We support Australian businesses in every state and territory.

Contact Netluma IT

Phone: 1300 521 162

Email: hello@netlumait.com.au

Free instant domain scanner above — flat $249 ex GST to fix every issue it finds. Senior Australian engineers, same-day kickoff, fix applied within 1–2 business days of DNS access, deliverability improving in 3–4 days, next to no emails in spam by day 7.