Web Email Best Practices for Businesses & Developers

Master modern business email: ensure deliverability, security, accessibility, and compliance in every message. This in-depth guide covers professional formatting, authentication (SPF, DKIM, DMARC), accessibility, HTML vs plain text, attachments, anti-spam tactics, privacy, and more—with actionable tips, code, and checklists for 2025.

Email is the backbone of modern business communication—connecting teams, reaching customers, and delivering critical updates. Yet, poor practices can mean lost opportunities, security breaches, or even legal trouble. Whether you're a developer, IT admin, or business leader, mastering email best practices is essential for successful, compliant, and professional communication.

Professional Email Formatting

  • Clear subject lines: Summarize the purpose in a few words. Avoid vague terms like “Hi” or “Important!”
  • Structured layout: Use paragraphs, headings, and bullet points for readability. Break up long text blocks.
  • Consistent branding: Include a professional signature with your name, role, company, and contact info. Add a logo if possible.
  • Responsive design: Ensure emails display well on desktops and mobile devices (use tables, avoid fixed-width).
  • Polite tone: Use courteous greetings and closings. Avoid slang and excessive punctuation.
| Do | Don't |
| --- | --- |
| Subject: Meeting Update – Project X | Subject: Important!!! |
| Hi John, Let’s review the attached plan. Best, Jane | hey, see attached. |
| Professional signature block | No sign-off, missing signature |

Authentication Protocols: SPF, DKIM, DMARC

Protect your business email from spoofing and phishing with these essential protocols:

  • SPF (Sender Policy Framework): Specifies which servers can send email on your domain’s behalf. Configure via DNS.
  • DKIM (DomainKeys Identified Mail): Adds a digital signature to outgoing messages. Recipients verify authenticity with your public key.
  • DMARC (Domain-based Message Authentication, Reporting & Conformance): Tells receiving servers how to handle unauthenticated emails—preventing abuse and enabling reporting.
| Protocol | Purpose | Set Up |
| --- | --- | --- |
| SPF | Allowlist sending servers | DNS TXT record |
| DKIM | Sign outgoing email | DNS TXT record, mail server config |
| DMARC | Enforce SPF/DKIM & get reports | DNS TXT record |
Tip: Use online tools (e.g., MXToolbox, DMARC Analyzer) to test your setup. Overly strict DMARC policies can block legitimate messages—start with p=none and monitor before enforcing p=quarantine or p=reject.
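
To complement the online tools, the following added example (not code from the original guide) lints SPF and DMARC TXT record strings before they are published, flagging the weak settings discussed above. The function names and the sample records for example.com are constructed for illustration; the pct tag and the 10-lookup limit come from the DMARC and SPF specifications rather than from this guide.

```javascript
// Added example, not from the original page. Sample records are constructed.

// Split a DMARC record into lower-cased tag names and their values.
function parseTags(record) {
  const tags = {};
  for (const part of record.split(';')) {
    const eq = part.indexOf('=');
    if (eq > 0) tags[part.slice(0, eq).trim().toLowerCase()] = part.slice(eq + 1).trim();
  }
  return tags;
}

function lintDmarc(record) {
  if (!/^v\s*=\s*DMARC1\s*(;|$)/.test(record.trim())) return ['not a DMARC record: must start with v=DMARC1'];
  const tags = parseTags(record);
  const findings = [];
  const p = (tags.p || '').toLowerCase();
  if (!['none', 'quarantine', 'reject'].includes(p)) findings.push('missing or invalid p= policy');
  else if (p === 'none') findings.push('p=none: monitoring only, failing mail is still delivered');
  if (!tags.rua) findings.push('no rua=: aggregate reports are not requested');
  if (tags.pct !== undefined && Number(tags.pct) < 100) findings.push(`pct=${tags.pct}: policy covers only part of the mail`);
  return findings;
}

function lintSpf(record) {
  const terms = record.trim().split(/\s+/);
  if (terms[0].toLowerCase() !== 'v=spf1') return ['not an SPF record: must start with v=spf1'];
  const findings = [];
  const all = terms.find((t) => /^[+\-~?]?all$/i.test(t));
  const redirect = terms.some((t) => /^redirect=/i.test(t));
  if (!all && !redirect) findings.push('no "all" mechanism: unlisted senders get a neutral result');
  else if (all && /^\+?all$/i.test(all)) findings.push('+all: every server is authorized to send');
  else if (all && all[0] === '?') findings.push('?all: unlisted senders get a neutral result');
  // RFC 7208 caps DNS-querying terms at 10; going over makes SPF evaluation fail (permerror).
  const lookups = terms.filter(
    (t) => /^[+\-~?]?(include|a|mx|ptr|exists)([:\/]|$)/i.test(t) || /^redirect=/i.test(t),
  ).length;
  if (lookups > 10) findings.push(`${lookups} DNS-querying terms: over the limit of 10`);
  return findings;
}

// Constructed records for the placeholder domain example.com.
console.log(lintSpf('v=spf1 mx +all'));
console.log(lintSpf('v=spf1 include:_spf.example.com ip4:192.0.2.10 -all'));
console.log(lintDmarc('v=DMARC1; p=none; rua=mailto:dmarc@example.com'));
console.log(lintDmarc('v=DMARC1; p=quarantine; pct=25'));
```

An empty findings list means the record passed these checks only; it does not confirm that the record is published in DNS or that DKIM is configured.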

Email Accessibility Guidelines

  • Use alt text for images: Describe images for screen readers; never leave alt attributes blank unless purely decorative.
  • Maintain logical reading order: Structure content with headings and lists.
  • Ensure color contrast: Text/background pairs must have at least 4.5:1 ratio.
  • Readable fonts: Use web-safe, sans-serif fonts at 16px or larger.
  • Semantic HTML: Use <h1>, <ul>, <table> appropriately.
Example Accessible Email Snippet:
<table role="presentation" width="100%">
<tr>
<td>
<img src="logo.png" alt="Acme Corp Logo" width="120">
<h1>Monthly Update</h1>
<p>Your account summary...</p>
</td>
</tr>
</table>

HTML vs Plain Text: Which Email Format?

Should you send HTML, plain text, or both? The best practice is to offer multipart/alternative—including both HTML and plain text for maximum compatibility and deliverability.

| | HTML Email | Plain Text |
| --- | --- | --- |
| Appearance | Branding, layout, images | Text only, minimal formatting |
| Compatibility | Modern clients, risk of broken design | All clients/devices |
| Spam Risk | Higher if abused (too many images, links) | Lower, trusted |
| Accessibility | Needs extra care for screen readers | Accessible by default |
Tip: Always provide a plain text version for transactional or critical emails. Some recipients and spam filters distrust HTML-only messages.

Attachments: Best Practices

  • Use safe, common file types (PDF, DOCX, PNG, JPG).
  • Limit file size: Keep under 10MB when possible, ideally <3MB.
  • Use descriptive filenames: Invoice_2025-01-15.pdf not scan123.pdf
  • Scan attachments for malware before sending.
  • Avoid sending ZIP, EXE, or scripts—these are often blocked or flagged as spam.
Danger Zone – Common Attachment Mistakes:
  • Sending executable files (.exe, .bat)
  • Uncompressed high-res images (slow to load, may bounce)
  • Long/random filenames (hard to identify)
  • No virus/malware scanning
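
The attachment rules above can be enforced in code before a message is queued. This added example (not code from the original guide) checks a filename and size against the allowlist and size limits given in this section, and also catches double extensions and trailing-dot tricks. The function name and the specific script extensions in the blocklist are assumptions chosen for illustration.

```javascript
// Added example, not from the original page.
const ALLOWED = new Set(['pdf', 'docx', 'png', 'jpg']); // the guide's safe, common types
// ZIP, EXE and BAT are named in the guide; the script extensions are an assumed sample.
const BLOCKED = new Set(['zip', 'exe', 'bat', 'cmd', 'js', 'vbs', 'ps1', 'sh']);
const MAX_BYTES = 10 * 1024 * 1024; // hard limit: 10 MB
const WARN_BYTES = 3 * 1024 * 1024; // preferred ceiling: 3 MB

function checkAttachment(filename, sizeBytes) {
  const reasons = [];
  const warnings = [];
  // Windows drops trailing dots and spaces, so "report.exe. " opens as "report.exe".
  const name = filename.trim().replace(/[. ]+$/, '').toLowerCase();
  const parts = name.split('.');
  const ext = parts.length > 1 ? parts[parts.length - 1] : '';
  if (!ext) reasons.push('no file extension');
  else if (BLOCKED.has(ext)) reasons.push(`blocked type .${ext}`);
  else if (!ALLOWED.has(ext)) reasons.push(`type .${ext} is not on the allowlist`);
  // A known extension in the middle of the name ("invoice.pdf.exe") disguises the real type.
  const inner = parts.slice(1, -1).filter((p) => ALLOWED.has(p) || BLOCKED.has(p));
  if (inner.length) reasons.push(`double extension (.${inner.join(', .')})`);
  if (sizeBytes > MAX_BYTES) reasons.push('larger than 10 MB');
  else if (sizeBytes > WARN_BYTES) warnings.push('larger than 3 MB');
  return { ok: reasons.length === 0, reasons, warnings };
}

// Constructed sample attachments.
console.log(checkAttachment('Invoice_2025-01-15.pdf', 200 * 1024));
console.log(checkAttachment('Invoice_2025-01-15.pdf.exe', 200 * 1024));
console.log(checkAttachment('report.EXE. ', 50 * 1024));
console.log(checkAttachment('photo.jpg', 5 * 1024 * 1024));
```

A filename check is only a first gate: it does not replace malware scanning of the file contents.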

Anti-Spam: How to Avoid Email Spam Filters

  • Authenticate with SPF, DKIM, and DMARC
  • Include a visible unsubscribe link in bulk/marketing emails
  • Use clear, non-deceptive subject lines
  • Avoid “spammy” words/punctuation (FREE!!!, $$$, etc.)
  • Don’t use image-only emails—always include real text
  • Limit links and attachments
  • Send from a reputable, non-noreply address

Privacy & Compliance

  • GDPR, CAN-SPAM, CCPA: Know your region’s laws. Only email users who’ve opted in, and provide opt-out options.
  • Minimize personal information: Never include sensitive data in plain text emails (passwords, SSNs, etc.).
  • Maintain records: Document consent and user preferences.
  • Privacy Policy: Link to your privacy policy and honor user data requests promptly.
Want details? See our Email Compliance Guide for deep dives on regional laws and best practices.

Common Business Email Mistakes (and How to Fix Them)

  • Using “noreply@” addresses – Looks unprofessional and can reduce engagement. Use a monitored inbox.
  • Forgetting BCC when emailing groups – Exposes recipient emails. Always use BCC for mass sends.
  • Broken or missing unsubscribe links – Can violate laws and increase spam complaints.
  • Missing alt text on images – Reduces accessibility for visually impaired users.
  • Not testing on mobile – Layout issues cause unreadable emails on phones.

Comprehensive Email Best Practices Checklist (2025)

  • Use clear, descriptive subject lines
  • Structure email content for readability
  • Use professional signatures and branding
  • Authenticate with SPF, DKIM, and DMARC
  • Ensure accessibility (alt text, contrast, semantic HTML)
  • Send both HTML and plain text versions
  • Limit attachments to safe types and reasonable sizes
  • Avoid spammy content and words
  • Honor user privacy and follow regional compliance laws

Code Examples: Secure & Accessible Email Sending

This PHP example uses PHPMailer to send a secure, accessible HTML email with authentication.

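<?php
// Install: composer require phpmailer/phpmailer
use PHPMailer\PHPMailer\PHPMailer;

require 'vendor/autoload.php';

$mail = new PHPMailer();
$mail->isSMTP();
$mail->Host = 'smtp.yourdomain.com';
$mail->SMTPAuth = true;
$mail->Username = 'user@yourdomain.com';
// Placeholder: load the real secret from the environment or a secret store, not from source code.
$mail->Password = 'yourpassword';
// STARTTLS on the submission port (same value as 'tls').
$mail->SMTPSecure = PHPMailer::ENCRYPTION_STARTTLS;
$mail->Port = 587;

$mail->setFrom('hello@yourdomain.com', 'Your Name');
$mail->addAddress('recipient@example.com');
$mail->Subject = 'Welcome to Acme Corp';
$mail->isHTML(true);
// HTML part; the image URL is a placeholder.
$mail->Body = '
<h1>Welcome</h1>
<p>Thanks for joining. <img src="https://yourdomain.com/logo.png" alt="Acme Logo" width="120"></p>
';
// Plain text part; double quotes so that \n becomes a real line break.
$mail->AltBody = "Welcome\nThanks for joining.";
// Placeholder unsubscribe address.
$mail->addCustomHeader('List-Unsubscribe', '<mailto:unsubscribe@yourdomain.com>');

if (!$mail->send()) {
    echo 'Mailer Error: ' . $mail->ErrorInfo;
}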

Node.js example using Nodemailer for authenticated, accessible HTML and plain text email.

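// Install: npm install nodemailer
const nodemailer = require('nodemailer');

const transporter = nodemailer.createTransport({
  host: 'smtp.yourdomain.com',
  port: 587,
  secure: false,    // port 587 starts unencrypted and upgrades with STARTTLS
  requireTLS: true, // refuse to send if the server does not offer STARTTLS
  // Placeholder: load the real secret from the environment or a secret store.
  auth: { user: 'user@yourdomain.com', pass: 'yourpassword' }
});

const mailOptions = {
  from: 'Your Name <hello@yourdomain.com>',
  to: 'recipient@example.com',
  subject: 'Welcome to Acme Corp',
  // HTML part; the image URL is a placeholder.
  html: `
<h1>Welcome</h1>
<p>Thanks for joining. <img src="https://yourdomain.com/logo.png" alt="Acme Logo" width="120"></p>
`,
  text: 'Welcome\nThanks for joining.',
  // Placeholder unsubscribe address.
  headers: { 'List-Unsubscribe': '<mailto:unsubscribe@yourdomain.com>' }
};

transporter.sendMail(mailOptions, (err, info) => {
  if (err) console.error('Error:', err);
  else console.log('Sent:', info.response);
});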

Email Best Practices: FAQ

Common reasons include missing authentication (SPF/DKIM/DMARC), use of “spammy” words or excessive links, lack of plain text version, no unsubscribe link (for bulk), or a poor sender reputation. Always check your setup with tools like MXToolbox, and avoid image-only emails or attachments that might be blocked. Monitor blacklists and request removal if needed.

Verify your sending domain’s DNS records for SPF, DKIM, and DMARC. Make sure your SMTP server is not on any blacklists and is configured with the correct reverse DNS (PTR) record. Check if the recipient’s server has strict filters or if your message content/attachments are being flagged. Always test with multiple clients and consider using a reputable email delivery service for higher reliability.

Obtain explicit consent before emailing, provide a clear unsubscribe option, and honor opt-outs promptly. Never include sensitive personal data in plain text. Maintain records of consent, inform users how their data is used, and provide access or deletion upon request. For marketing emails, include your physical business address and a link to your privacy policy. See our Email Compliance Guide for more.

Frequently missed elements include missing or unhelpful alt text on images, poor color contrast, inaccessible fonts (too small or decorative), and lack of semantic HTML. Image-only emails and improper use of tables can also cause issues for screen readers. Always test your emails with accessibility checkers and screen reader software to ensure everyone can access your content.

Related Resources & Tools

SPF/DKIM/DMARC Setup Guide

Step-by-step instructions for authenticating your business email domains and maximizing deliverability.

Email Compliance Explained

Understand GDPR, CAN-SPAM, and CCPA requirements for business email, with practical compliance tips.

HTML Email Template Generator

Design accessible, responsive email templates for your business or team—no coding required.

MXToolbox (External)

Check DNS records, blacklists, and email authentication setup online.

Litmus Email Tester (External)

Preview your emails across devices and check for accessibility and spam filter issues.

Google Postmaster Tools (External)

Monitor your domain’s sender reputation and troubleshoot Gmail deliverability.
