I want to tell you about the most boring problem in hotel marketing that quietly costs the most money: your emails are not landing in the inbox, and you have no idea.
You see an open rate of 11 percent and shrug. You assume people are busy, or that email is dead, or that your past guests just do not care. Meanwhile, the actual story is that Gmail and Outlook are routing a chunk of your beautifully designed “we miss you, come back” campaign straight to spam, where nobody will ever see it. The booking engine never gets the click. The OTA gets the booking instead, at a 15 to 25 percent commission, because the guest searched your name, saw the booking site at the top, and clicked.
I have crawled and audited a lot of independent hotel marketing stacks, and email deliverability is consistently the most neglected lever. So let me walk you through exactly why this happens and the fixes that genuinely move the needle, in the order I would do them.
First, the mental model: you are not “sending” email, you are being judged
Here is the thing nobody tells hoteliers. When you hit send, you are not pushing email into a neutral pipe. You are submitting an application to Gmail, Outlook, Apple Mail, and Yahoo, and each of them decides in real time whether you are trustworthy enough to reach the inbox.
They judge you on roughly three things:
- Authentication — can they prove this email really came from you and was not forged?
- Reputation — do the domain and IP you send from have a history of people wanting your mail?
- Engagement — when your mail does land, do real humans open, read, and reply, or do they delete and complain?
Most hotels get fixated on the third thing (the campaign, the subject line, the pretty template) while completely ignoring the first two. But if your authentication is broken, your gorgeous campaign never gets a fair hearing. So we start at the foundation.
SPF, DKIM, DMARC: the three records that decide whether you are real
These three sound like alphabet soup, so let me translate them into hotel terms.
SPF (Sender Policy Framework)
SPF is a public list, published in your domain’s DNS, of which servers are allowed to send email on your behalf. Think of it like the approved vendor list at your loading dock. If a server tries to send “from” yourhotel.com and it is not on the list, the mailbox provider gets suspicious.
The classic mistake: a hotel uses four or five services that send email in their name. The booking engine sends confirmations. Mailchimp sends the newsletter. The PMS sends pre-arrival emails. A reservations inbox sends from Google Workspace. The reputation tool sends review requests. Each of those needs to be authorized in a single SPF record, and SPF only allows one record per domain. I constantly find hotels where someone added the newsletter tool years ago, then a new booking engine got bolted on and never made it into SPF. Half their transactional mail is now failing authentication.
DKIM (DomainKeys Identified Mail)
DKIM adds a cryptographic signature to every message. The mailbox provider checks that signature against a public key in your DNS. If it matches, the email genuinely came from an authorized sender and was not tampered with in transit. It is the wax seal on the envelope.
You enable DKIM separately inside each sending platform, and each one gives you a DNS record to publish. If you have five senders, you have five DKIM setups to verify. Skipping one means that platform’s mail is half-naked.
DMARC (Domain-based Message Authentication, Reporting and Conformance)
DMARC is the policy and the reporting layer that sits on top. It tells inbox providers: “If a message claiming to be from us fails both SPF and DKIM, here is what to do with it.” Your options are roughly: do nothing (p=none, monitor only), send it to spam (p=quarantine), or reject it outright (p=reject).
Just as important, DMARC sends you reports showing exactly who is sending mail using your domain, including services you forgot about and the occasional bad actor spoofing you. Gmail and Yahoo now effectively require DMARC for anyone sending bulk mail, so this is not optional anymore.
The “alignment” trap that fools experienced marketers: a message can pass SPF and still fail DMARC if the domain that passed SPF does not match the domain in the visible From address. This is why mail sent through a third-party platform on its own shared domain can authenticate technically yet still get filtered. You want SPF and DKIM aligned to your own hotel domain, not the vendor’s.
Here is how I think about the target state versus what I usually find on day one.
| Record | What it proves | What I usually find | Where you want to be |
|---|---|---|---|
| SPF | Which servers may send for you | One or two senders missing | Every active sender authorized, one clean record |
| DKIM | The message is genuinely yours | Set up on the newsletter only | Signing enabled and verified on every sender |
| DMARC | What to do with fakes, plus reports | Missing entirely | At least quarantine, with reports going to a real inbox |
If you do nothing else from this post, get these three correct for every service that sends mail in your hotel’s name. It is the single highest-leverage deliverability fix, and it is mostly a one-time DNS job.
List hygiene: your reputation is built one address at a time
Once authentication is solid, reputation is the next battlefield, and reputation is mostly about who you send to.
Mailbox providers watch how recipients react to your mail. Lots of opens and replies tell them you are wanted. Lots of bounces, deletes-without-opening, and spam complaints tell them you are a nuisance, and they ratchet down your placement for everyone, including the guests who actually love you.
A neglected hotel list is a reputation landmine. You have years of addresses: typo’d ones from the front desk, one-time OTA guests whose real address was masked, corporate addresses of people who left their company, and folks who have not opened anything since 2023. Every send to that dead weight drags your sender reputation down.
What I actually do for list hygiene:
- Remove hard bounces immediately and permanently. A hard bounce means the address does not exist. Keep mailing it and you look like a spammer who bought a list.
- Suppress the long-term unengaged. If someone has not opened anything in roughly 6 to 12 months, stop including them in routine sends. They are not helping, and they are hurting placement.
- Re-permission instead of guessing. For a borderline segment, send one honest “do you still want to hear from us” email. The people who click back in are worth ten silent addresses.
- Fix the source. Validate email addresses at the point of capture, at the front desk and in the booking flow, so you stop poisoning the list at the top. This connects directly to your book-direct conversion experience, because the booking form is where most good addresses are born.
I know it feels backwards to email fewer people. But a smaller, engaged list outperforms a bloated, dead one on both deliverability and revenue. You are optimizing for who opens, not for a vanity headcount.
Engagement-based sending: send to the people who want you, more often
This is the part that ties it together, and it is where most hotels can make the fastest gains without touching DNS again.
Modern filtering is heavily engagement-weighted. So the smart move is to deliberately concentrate your sending on the segments most likely to engage, especially when you are rebuilding a reputation that has been dinged.
Practically, that looks like this:
Send your best, most engaged segment first, watch it open and click, then expand outward to colder segments only after your reputation has warmed up. Reputation compounds: a strong send makes the next one land better.
A simple engagement-tiered approach I use:
- Tier 1, recent and active. Guests who stayed or opened in the last 90 days. Mail these often. They build your reputation.
- Tier 2, warm but quieter. Opened in the last 3 to 6 months. Mail these regularly with genuinely relevant offers.
- Tier 3, cooling off. 6 to 12 months silent. Mail sparingly, with a re-engagement angle.
- Tier 4, cold. Over a year silent. One re-permission attempt, then suppress.
Two more things that matter more than people expect. First, warm up gradually when you move to a new sending platform or a new domain. Do not blast 40,000 people on day one from a brand-new sender; ramp volume over a couple of weeks so providers can build trust in you. Second, consistency beats bursts. A predictable cadence of relevant mail to engaged people trains the filters in your favor far better than three giant sends a year that look like a sudden spam event.
The step-by-step audit I run when open rates are sliding
Here is the diagnostic sequence, in order, when a hotelier tells me their opens are quietly collapsing. Work it top to bottom and stop fixing as you find problems.
- Inventory every sender. List every service that sends mail as your hotel: booking engine, PMS, newsletter tool, Google Workspace, reputation and review tool, any CRM. You cannot authenticate senders you have not named.
- Check SPF. Confirm one SPF record exists and that every sender from step one is included. Watch for the limit on DNS lookups, which silently breaks SPF when you stack too many vendors.
- Check DKIM on each sender. Log in to each platform and verify DKIM signing is enabled and the DNS record is published and valid. Do this per service, not once.
- Check DMARC. Confirm a DMARC record exists, that reports are flowing to an inbox a human reads, and read those reports to see who is really sending as you.
- Send seed tests. Mail a spread of test addresses across Gmail, Outlook, Yahoo, and Apple Mail and note where each lands: primary inbox, promotions, or spam. This shows you the real placement, not the open rate, which can be distorted by privacy features.
- Pull bounce and complaint rates. High bounces point to a dirty list. Any meaningful spam-complaint rate is an emergency.
- Segment by engagement and look at the trend. If opens are dropping across the board, suspect authentication or reputation. If they are dropping only in older segments, it is list rot.
- Check content and links. Broken or shady-looking links, a single giant image with no text, or link domains that do not match your brand can trip filters even when everything else is clean.
Nine times out of ten, the culprit is in steps 2 through 4, an authentication gap nobody noticed, or in step 6, a list that has not been cleaned in years. Both are fixable.
Why this is a direct-booking issue, not just an IT chore
Let me bring it back to the money, because that is the only reason any of this matters.
Email is one of the few channels you fully own. It is the cheapest, most direct line you have to a past guest who already knows your property, and it is the channel best positioned to win back a repeat stay before that guest defaults to an OTA out of habit. If you want to reduce your OTA dependence and claw back margin, a deliverable email list is one of your strongest tools, sitting right alongside getting your Google Business Profile dialed in and making sure you actually rank for your own hotel name.
Every email that lands in spam is a guest you paid nothing to reach who then books through a channel that charges you commission. The math is the same brutal logic I lay out in the book-direct commission breakdown: a few points of margin on every repeat booking adds up fast across a year.
I want to be honest with you about timelines. Authentication fixes can improve placement within days because they are technical and binary. Reputation repair is slower; if you have been mailing a dead list for a year, it can take several weeks of disciplined, engagement-first sending to rebuild trust with the major providers. There is no button that guarantees the inbox. What you can do is steadily stack the odds in your favor until landing in the inbox becomes your default state rather than a coin flip.
Where to start this week
If your open rates have been quietly sliding, do this: inventory your senders, verify SPF, DKIM, and DMARC for every one of them, pull your bounce rate, and run a seed test across the major providers. That alone will tell you whether you have an authentication problem, a list problem, or both. Then clean the list and start sending to your most engaged guests first.
If you would rather not spend your week reading DNS records, that is exactly the kind of unglamorous, high-leverage work we handle as part of our content and reputation program, wired straight into a book-direct strategy so the inbox wins actually turn into bookings. Want a second set of eyes on why your hotel email is underperforming? Grab a free intro call and I will walk your stack with you.