Granular identity tracking
Before MailChannels evaluates message content, it first determines who is responsible for the traffic. The platform normalizes multiple signals into sender-level tracking context so abuse can be attributed more precisely than the visiblefrom.email address.
For Email API traffic, that context can include:
- The parent account.
- The sub-account, when a sub-account API key is used.
- The sending domain authorized by Domain Lockdown.
- The
campaign_id, when included in the send request. - Envelope and header details that help correlate related traffic.
campaign_id to distinguish campaigns or segments
inside a client sub-account. If one campaign starts producing abnormal bounce or complaint patterns, that traffic
can be understood in context without treating every message from the reseller as identical.
Policy and infrastructure checks
MailChannels validates sender and account context before and during delivery. These checks help prevent spoofing, unauthorized sending, quota abuse, and infrastructure patterns commonly associated with compromised systems. Examples include:- Confirming that the sender is authorized through Domain Lockdown.
- Evaluating SPF, DKIM, and DMARC posture for sending domains.
- Checking account, sub-account, plan, and usage constraints.
- Comparing sender, domain, IP, and URL signals with internal and external reputation data.
- Applying additional scrutiny to new domains, new sender identities, or traffic patterns without an established history.
Content and payload analysis
Each message is evaluated for signs of spam, phishing, malware, credential theft, and other abusive behavior. MailChannels uses layered scanning rather than relying on one signal. The platform can evaluate:- Message body and attachment characteristics.
- URLs and domains found in the message.
- Header structure and message formatting.
- Sender and reply-to alignment.
- Patterns commonly produced by compromised scripts or automated abuse tools.
- Similarities between messages that may be part of the same campaign, even when they use different sender addresses.
Behavioral profiling over time
Abuse is often visible only when messages are viewed as a stream. MailChannels evaluates sender behavior across short and longer time windows so it can detect changes that a single-message scan may miss. Behavioral signals can include:- Message volume and sending velocity.
- Recipient validity and bounce patterns.
- Complaint and unsubscribe behavior.
- Repeated delivery failures.
- Sudden changes in content, domains, URLs, or recipient lists.
- New sender identities that ramp volume before building a positive history.
Recipient list and hygiene signals
Recipient quality is a major reputation signal. Poor list hygiene can look similar to abuse, especially when a sender hits many invalid addresses, spam traps, or unrelated recipient patterns in a short time. MailChannels evaluates recipient behavior and list structure to identify:- Purchased or scraped lists.
- Dictionary-style address generation.
- High invalid-recipient rates.
- Repeated hard bounces.
- Complaint-heavy recipient groups.
- Suppression-list conflicts.
Routing and enforcement
After MailChannels combines identity, policy, content, recipient, and behavioral signals, the platform chooses an enforcement outcome. The goal is to protect legitimate senders and recipient networks while containing suspicious or abusive traffic as narrowly as possible. Possible outcomes include:| Outcome | What it means |
|---|---|
| Accept | The message is queued for delivery. |
| Defer | Sending is temporarily slowed or retried later when the traffic needs more control. |
| Reject | The message is blocked because it violates policy or reputation safeguards. |
| Drop | The message is stopped before delivery and reported through delivery events when applicable. |
| Route with additional controls | Traffic may be handled differently based on risk, sender history, or reputation context. |