Skip to main content
✉️

Email Checklist for AI-Built Apps

Send transactional and marketing emails

When you vibe code email with tools like Cursor, Lovable, Bolt, v0, or Claude Code, the generated code often works in development but misses critical production requirements. This checklist helps you catch what AI missed before you ship.

Danger Zone

high risk

Your perfectly written email is worthless if it lands in spam or never arrives at all

Sending email from your app looks simple — you give it a recipient, a subject, a message, hit send. But email providers are paranoid gatekeepers. They check if your domain is properly verified, if you have a history of sending good emails, if your bounce rate is too high, if your content looks spammy. One wrong move and Gmail silently drops everything you send into spam. You'll never even know.

Failure scenario

You launch your app. Password reset emails work fine during testing. You get your first 100 signups. Then users start complaining they never got their reset email. You check — nothing in spam, nothing bounced. The emails just vanished. Turns out your sending domain wasn't properly configured, so Gmail quietly blocked you after the first 20 emails. Now 80 people can't log in and you're racing to fix DNS records you didn't know existed.

Common mistakes

  • Sending from a personal Gmail/Outlook account instead of your own domain
  • Not setting up SPF, DKIM, and DMARC records (the authentication that proves you're legit)
  • No tracking of bounces and spam complaints, so your sender reputation slowly tanks
  • Sending password resets and marketing emails from the same address (one gets you marked as spam, ruins both)
  • Using words like "free", "urgent", or too many exclamation points that trigger spam filters

Time to break: Immediate to 2 months — problems show up as soon as you hit real volume

How are you building this?

Showing what to check when using a managed service

Audit Prompts

Copy these into your AI coding assistant to check your implementation.

Is your domain properly set up for sending?
reliability
Check our email sending domain configuration. Are SPF, DKIM, and DMARC records set up correctly? Are we sending from our own domain (like hello@ourapp.com) or a generic one? Is the "from" address an actual mailbox someone checks, or a no-reply that bounces? Show me what our current DNS records look like and if anything's missing.

Email providers use these records to decide if you're legitimate or a spammer. Missing even one can cut your delivery rate in half.

Are bounces and spam complaints being tracked?
reliability
Check if we're monitoring email delivery health. When an email bounces (doesn't exist or inbox full), do we record it and stop sending to that address? Are spam complaints tracked? Do we get notified if our bounce rate spikes? Is there a way to see our current sender reputation score?

Every bounce and spam complaint damages your sender reputation. If it gets bad enough, email providers will block everything from your domain.

Are different email types properly separated?
reliability
Check how we categorize our emails. Are transactional emails (password resets, receipts) sent separately from marketing emails (newsletters, promotions)? Do they use different sending domains or subdomains? Are users able to unsubscribe from marketing without losing critical account emails?

If your marketing emails get marked as spam, it can poison your transactional emails too. They should be completely separate.

Can you prove an email was sent and received?
data
Check our email logging and tracking. For critical emails (password resets, payment confirmations), can we see exactly when it was sent, when it was delivered, and if it was opened? If a customer says they never got an email, can we prove we sent it? Is this data kept long enough to investigate disputes?

When a customer says "I never got the email" you need to know if it's a spam filter issue, a typo, or actually your fault.

Checklist

0/10 completed

Smart Move

Use a service

Email deliverability is a full-time job. Services monitor your reputation, handle bounces, warm up your domain, and maintain relationships with inbox providers. The free tiers are generous enough for most apps. Don't try to save $10/month and end up in spam.

Resend

Modern API, React email templates, great for developers — newer but gaining fast

3,000 emails/month free, then $20/month for 50k

Postmark

Best-in-class deliverability for transactional emails (signups, resets, receipts)

100 emails/month free, then $15/month for 10k

SendGrid

Established player with good free tier — marketing + transactional

100 emails/day forever free

Tradeoffs

Services charge per email after the free tier, and you're trusting them to actually deliver. But trying to handle deliverability yourself means becoming an email infrastructure expert.

Did you know?

Only 79% of legitimate marketing emails actually reach the inbox — the other 21% go to spam or get blocked entirely, even when people opted in.

Source: Validity 2024 Email Deliverability Benchmark Report

Related Checks

🔐Authentication

Sign up, log in, password reset, 2FA

🔔Notifications

Push, email, and in-app alerts

⚙️Background Tasks

Process things without making users wait