email-best-practices

Use when building email features, emails going to spam, high bounce rates, setting up SPF/DKIM/DMARC authentication, implementing email capture, ensuring compliance (CAN-SPAM, GDPR, CASL), handling webhooks, retry logic, or deciding transactional vs marketing.
Install via ClawdBot CLI:
clawdbot install christina-de-martinez/email-best-practices

Guidance for building deliverable, compliant, user-friendly emails.

[User] → [Email Form] → [Validation] → [Double Opt-In]
                                              ↓
                                    [Consent Recorded]
                                              ↓
[Suppression Check] ←──────────────[Ready to Send]
        ↓
[Idempotent Send + Retry] ──────→ [Email API]
                                       ↓
                              [Webhook Events]
                                       ↓
              ┌────────┬────────┬─────────────┐
              ↓        ↓        ↓             ↓
         Delivered  Bounced  Complained  Opened/Clicked
                       ↓        ↓
              [Suppression List Updated]
                       ↓
              [List Hygiene Jobs]

| Need to... | See |
|------------|-----|
| Set up SPF/DKIM/DMARC, fix spam issues | Deliverability |
| Build password reset, OTP, confirmations | Transactional Emails |
| Plan which emails your app needs | Transactional Email Catalog |
| Build newsletter signup, validate emails | Email Capture |
| Send newsletters, promotions | Marketing Emails |
| Ensure CAN-SPAM/GDPR/CASL compliance | Compliance |
| Decide transactional vs marketing | Email Types |
| Handle retries, idempotency, errors | Sending Reliability |
| Process delivery events, set up webhooks | Webhooks & Events |
| Manage bounces, complaints, suppression | List Management |
New app?
Start with the Catalog to plan which emails your app needs (password reset, verification, etc.), then set up Deliverability (DNS authentication) before sending your first email.
Spam issues?
Check Deliverability first: authentication problems are the most common cause. Gmail/Yahoo reject unauthenticated emails.
Marketing emails?
Follow this path: Email Capture (collect consent) → Compliance (legal requirements) → Marketing Emails (best practices).
Production-ready sending?
Add reliability: Sending Reliability (retry + idempotency) → Webhooks & Events (track delivery) → List Management (handle bounces).
Generated Mar 1, 2026
A new online store needs to set up transactional emails like order confirmations and shipping notifications while ensuring deliverability to avoid spam folders. They must implement SPF/DKIM/DMARC authentication and comply with GDPR for EU customers.
A software service requires email verification, password resets, and welcome sequences to onboard users. They need to handle retry logic for reliable sending and track engagement via webhooks to optimize the flow.
An organization plans to send newsletters and donation appeals, requiring double opt-in consent under CASL and CAN-SPAM. They must manage suppression lists to handle bounces and complaints effectively.
A bank or fintech company sends transaction alerts and security notifications, needing high reliability with idempotent sends and strict adherence to compliance regulations like GDPR for data protection.
A platform sends event invitations, reminders, and follow-ups, blending transactional and marketing emails. They must differentiate email types and implement list hygiene to maintain sender reputation.
Companies charge monthly fees for software access, relying on email for user engagement, billing notifications, and feature updates. This model benefits from transactional email reliability and marketing email upsells to drive retention.
Platforms facilitate sales between buyers and sellers, generating revenue from transaction fees or commissions. Email is critical for order processing, customer support, and promotional campaigns to boost sales volume.
Businesses monetize through ads, subscriptions, or sponsored content, using email newsletters to drive traffic and engagement. They focus on email capture for audience growth and compliance with opt-in regulations.
Integration Tip
Start by setting up DNS authentication (SPF/DKIM/DMARC) before sending any emails to avoid spam issues, and implement webhooks early to track delivery events for better list management.