CPA Newsletter Deliverability Checklist (2026

Most deliverability guides treat all senders the same: configure SPF, publish DMARC, watch your spam rate. That advice is correct and incomplete. A CPA firm sending a January 28 newsletter on the day IRS e-file opens has three deliverability problems no SaaS company has: a content vocabulary that overlaps with phishing kits, a calendar that compresses 60% of annual sends into 12 weeks, and a regulator (the FTC) that, since June 2023, treats tax preparers under the same Safeguards Rule that governs banks.

The general 2024–2025 sender rules are covered in the newsletter deliverability hub: SPF, DKIM, DMARC alignment, RFC 8058 one-click unsubscribe, the 5,000-message daily threshold, and the 0.10% spam-rate ceiling. This page is the industry-applied version — what an accounting firm has to add on top, where the timing changes, and which compliance obligations cross into the deliverability layer.

How does tax-season volume change the 5,000-per-day threshold?

Short answer: A weekly Q1 cadence to 1,800 clients hits 5,000/day inside Gmail’s personal-account counting if 60% of the list is on Gmail and a single send fans out across multiple subdomains. Once tripped — even once — the firm is permanently a bulk sender per Google’s FAQ.

The Google Workspace Admin Help FAQ defines a bulk sender as one that “sends close to 5,000 messages or more to personal Gmail accounts within a 24-hour period” and adds: “Senders who meet the above criteria at least once are permanently considered bulk senders.” The number sounds high until you map it to a CPA firm’s actual Q1 calendar. A firm with 1,800 client households, weekly cadence from January 28 through April 15, 60% Gmail penetration on the individual-filer list, and an additional 1,200 transactional sends per week (engagement letters, e-file confirmations, K-1 ready notifications) clears 5,000 messages in a single day during the March 10 entity-deadline week.

Two facts compound the problem. First, the threshold is per primary domain, not per subdomain — a firm sending newsletters from news.firm.com and tax notifications from notify.firm.com still has both volumes counted against firm.com. Second, “permanently bulk” means the post-April lull does not reset the classification. A firm tripping the threshold once in March is held to bulk-sender authentication for the rest of the year, including the quiet May–July window. The corollary: build for bulk-sender compliance year-round, not just during Q1.

Will IRS-coded language land my newsletter in spam?

Short answer: “IRS,” “refund,” and “audit” in the body of an authenticated newsletter from an engaged sender land in the inbox. The deliverability cost is in subject lines that mirror phishing patterns — ALL CAPS, dollar amounts, urgent verbs, sender names containing “IRS” or “Treasury.”

The IRS Dirty Dozen phishing list documents the exact language patterns spammers use to impersonate the IRS. Gmail and Microsoft train their Bayesian filters on the same dataset. The result: subject lines like “URGENT: Action Required on Your IRS Refund” trigger the same pattern recognition, regardless of who sent them. The fix is not avoiding tax vocabulary — it is writing subject lines that read like a CPA, not like a scam: “What the OBBBA passthrough rules mean for your S-corp,” not “IMPORTANT: $14,500 in OBBBA savings.”

Sibling page on accounting newsletter subject lines covers the open-rate side; this page covers the spam-folder side. The two share roughly 70% of their guidance — an authenticated sender writing professional subject lines clears both filters at once.

Figure

CPA firm sending volume vs. Gmail bulk-sender threshold

A 1,800-client firm sending weekly Q1 with 60% Gmail penetration crosses the 5,000/day primary-domain threshold during the March entity-deadline week and the April 15 individual-deadline week. May–July sits comfortably under the line.

Calendar window	Newsletter sends/wk	Transactional/wk	Peak day volume	Gmail bulk?
Jan 28 – Feb 28	1,800	600	~3,200	Borderline
Mar 1 – Mar 16	1,800	1,400	~5,400	Yes
Apr 1 – Apr 15	1,800	2,100	~6,200	Yes
May 13 – Aug 31	900 (biwk)	300	~1,400	No
Sep 1 – Oct 15	1,800	900	~3,800	Borderline
Nov 1 – Dec 31	1,800	500	~3,200	Borderline

Source: Google Workspace Admin Help — Email sender guidelines FAQ; AICPA Tax Section calendar; NewsletterAsAService modeling

How does Circular 230 retention interact with newsletter archival?

Short answer: A general-audience newsletter is not Treasury Circular 230 §10.31 “written advice.” The retention obligation attaches the moment a newsletter contains client-specific guidance — tying a recommendation to a named client’s entity election, AGI band, or filing status.

Treasury Department Circular 230 §10.37 governs written advice on Federal tax matters. Generic guidance — “the OBBBA permanently extends the §199A deduction at 23%” sent to a 1,500-client list — is not §10.37 advice. A segmented send that recommends to specific clients that they take a specific action by a specific date crosses into individualized advice. The deliverability question that follows: where is the archive of record?

ESP archives (Mailchimp, Beehiiv, ConvertKit) are not designed for tax-record retention. The right answer for accounting firms: keep general-audience content in the ESP and route any client-specific written advice through the firm’s engagement-letter process and secure portal, where the §6107 four-year preparer record-retention obligation already governs storage. Cross-contaminating the two creates a deliverability problem (ESP archives become evidence) and a compliance problem (the firm cannot enforce §10.37 contemporaneous documentation through a marketing-list provider).

What does the FTC Safeguards Rule add for tax preparers?

Short answer: The June 2023 amendments to 16 CFR 314 (the Safeguards Rule) apply to tax preparers as “financial institutions.” A newsletter that contains personally identifiable tax information must be encrypted in transit. A general-audience newsletter is unaffected; a client-specific tax preview is.

The FTC’s 2023 Safeguards Rule update added a breach-notification requirement (notice to the FTC within 30 days for unauthorized acquisition of unencrypted customer information affecting 500+ consumers) and explicitly listed tax preparation services in the covered category. For deliverability purposes the implication is narrow but binding: client-segmented tax content carries an encryption-in-transit obligation that opportunistic TLS may not satisfy. Practical separation — general newsletters in the ESP, anything client-specific in the secure portal — resolves both the encryption requirement and the §10.37 archive question with the same architectural decision.

“The number is not 5,000, or 6,000, or 4,000. If you send 4,999 messages, you still have to follow the requirements.”

Marcel Becker, Yahoo Sender Hub — on the bulk-sender threshold

Figure

CPA firm Gmail Postmaster spam-rate target during Q1

Below 0.10% is healthy; 0.10–0.30% is the warning zone where Gmail begins down-ranking; at or above 0.30% the firm is ineligible for mitigation per the June 2024 enforcement update. Tax-season weekly cadence pushes complaints up — plan the buffer accordingly.

Source: Google Workspace Admin Help — Email sender guidelines (5,000+ section)

The 6-step CPA deliverability checklist

Each step below is the industry-applied version of a generic deliverability rule. Generic guidance gets a CPA firm to 90% inbox placement; the niche-specific layer is what gets the remaining 10% during the 12 weeks that matter.

1. Split the marketing newsletter from tax-document delivery on separate subdomains
The marketing newsletter sends from news.firm.com via your ESP. Tax-document notifications send from notify.firm.com via your portal vendor (SafeSend, SmartVault, TaxDome). Each subdomain gets its own DKIM selector and its own Postmaster Tools reputation. A spam complaint on the newsletter does not impair tax-document delivery, and the tax-document compliance footprint (Safeguards Rule, §10.37) does not pull the newsletter under encryption-in-transit.
2. Publish DMARC at p=quarantine before January 28, not after the first complaint
Begin the DMARC progression in November when sending volume is low and aggregate reports are easy to read. Move from p=none to p=quarantine; pct=25 in December. Reach p=quarantine; pct=100 by January 15 — before IRS e-file opens. Do not run DMARC discovery during Q1; aggregate-report volume during a tax-season weekly send is unreadable, and a forgotten authorized service caught at pct=100 during March is a five-day inbox outage.
3. Audit subject-line vocabulary against the IRS Dirty Dozen
Pull the current IRS Dirty Dozen list and use it as a prohibited-pattern reference for subject lines, not body copy. Forbidden combinations: ALL CAPS + dollar amount; “urgent”/“immediate”/“final notice” + “refund”/“audit”; sender display names containing “IRS,” “Treasury,” or “Tax Authority.” The body copy can use the full tax vocabulary — Gmail’s filter is sender-aware and rewards consistent, professional content.
4. Implement RFC 8058 one-click unsubscribe with a 48-hour honor window
Both List-Unsubscribe and List-Unsubscribe-Post: List-Unsubscribe=One-Click headers in every newsletter. The unsubscribe endpoint accepts a POST and removes the recipient within 48 hours — not the CAN-SPAM 10-business-day window. Most ESPs handle this automatically; verify by viewing the raw headers of a test send. Failure here is the single most common cause of Gmail bulk-sender rejection during Q1, ahead of authentication failures.
5. Hold the spam-rate buffer below 0.08% all year, not 0.10%
Google’s 0.10% target is a ceiling; treat it as a 0.08% operating limit. Tax-season cadence pushes complaints higher than off-season cadence even at the same content quality — clients buried in 1099s click “Mark as spam” instead of unsubscribing. A 0.02-point buffer absorbs the Q1 spike without ever reaching the 0.10% line. Monitor weekly in Postmaster Tools; if the rate crosses 0.08% in any seven-day window during March, pause the next send and audit the segment that triggered it.
6. Run a list-hygiene pass between October 16 and January 14, never during a busy season
Suppression of subscribers with no engagement for 12 months should happen during the post-extension lull (October 16–December 1) or the pre-busy-season window (December 15–January 14), never during Q1 or the September extension sprint. Removing 8% of a list during March compresses good engagement into a smaller denominator and inflates the spam-complaint rate at exactly the wrong moment. The cleanup sequence: identify, soft-suppress (move to a separate audience that does not send), wait 30 days, hard-delete. Apple Mail Privacy Protection means “no opens” alone is no longer a clean suppression signal — combine opens with clicks, replies, and portal logins per the Litmus 2024 MPP guidance.

Where do CAN-SPAM, Gmail rules, and Circular 230 collide?

Three different unsubscribe windows govern the same recipient action. CAN-SPAM requires honoring an opt-out within 10 business days; Gmail and Yahoo require 48 hours; Circular 230 §10.31 retention applies indefinitely once attached to written advice. The architecture that resolves all three: keep marketing and tax advice in different sending streams. Marketing carries the 48-hour Gmail window. Tax advice never enters the marketing stream in the first place — it lives in the engagement-letter system where the §6107 four-year retention regime applies cleanly. The general-audience newsletter then has only one set of rules to obey.

For the upstream content side — what to write each month so the newsletter has something deliverability-worthy to send — the accounting firm content ideas page maps the 20 topic categories to the seasonal calendar. For the cadence question that drives volume, see the CPA newsletter cadence playbook.

Free Sample

See a CPA newsletter that ships with full authentication.

We will write a complete edition for your firm and configure SPF, DKIM, DMARC, and RFC 8058 headers before the first send. No credit card.

Get Your Free Sample

Done For You

Newsletter service for accounting firms.

Weekly during Q1, biweekly the rest of the year. Authentication included. $297–$797 / month. First four editions free.

Newsletter for Accounting Firms

Common Questions

Frequently asked questions

Does the IRS Safeguards Rule require encrypted newsletter delivery?

The FTC Safeguards Rule (16 CFR 314), updated June 2023 to apply explicitly to tax preparers, requires encryption of customer information in transit. A general practice newsletter that contains no client tax data does not fall under that rule. The moment a newsletter is segmented to specific clients with personalized tax content (filing status, refund estimate, entity-specific guidance), Safeguards Rule encryption applies. Practical answer: keep general-audience newsletters general, and route any client-specific tax content through the firm's secure portal — not through the newsletter ESP.

Will the words "IRS" or "refund" send my newsletter to spam?

Not by themselves. Modern Bayesian filters at Gmail and Microsoft score the entire message — sender reputation, authentication pass, recipient engagement, and content together. "IRS" in the body of a newsletter from an authenticated, engaged sender lands in the inbox. The risk is in subject lines that mimic phishing patterns: ALL CAPS, urgent action verbs combined with money amounts ("CLAIM YOUR $4,200 REFUND NOW"), or sender names containing "IRS" or "Treasury." Rewrite the subject line, keep the body, and the deliverability problem disappears.

Does Circular 230 retention apply to my marketing newsletter?

Treasury Department Circular 230 §10.31 retention rules apply to written advice on Federal tax matters provided to specific clients — not to general-audience newsletters. A newsletter explaining the OBBBA passthrough provisions to your full list is not §10.31 written advice. A newsletter segment that tells one client "given your S-corp election, you should accelerate the December bonus" is. Keep general newsletters general; route client-specific advice through engagement letters and the secure portal where the four-year §6107 record-retention regime applies cleanly.

How do I keep tax-document email separate from marketing email?

Two sending streams, two subdomains, two reputations. Tax-document notifications ("your 1040 is ready for review") go through your portal vendor (SafeSend, SmartVault, TaxDome) on a transactional subdomain like notify.firm.com. The marketing newsletter goes through your ESP (ConvertKit, Beehiiv, MailerLite) on news.firm.com. Each subdomain gets its own DKIM selector and its own Postmaster Tools reputation. A spam complaint on the newsletter subdomain does not affect tax-document delivery, and vice versa.

My firm sends to 1,800 individual clients monthly. Do the bulk-sender rules apply to me?

Authentication rules (SPF, DKIM, DMARC at p=none minimum) apply to every sender regardless of volume — Google, Yahoo, and Microsoft all confirmed this. The 5,000-messages-per-day threshold for one-click unsubscribe and the 0.10% spam-rate ceiling kicks in only when crossed. But during a tax-season weekly send to 1,800 clients across all three providers, you can clear 5,000 in a single day if Gmail counts segment around 60% of your list. Plan for the bulk-sender rules during Q1; treat them as optional the rest of the year at your peril.

Macro Hub

CPA newsletter deliverability checklist