List hygiene: the six-rule policy

If you're newer to lifecycle, here's the shape of the problem. Your list — the set of email addresses you're allowed to send marketing to — degrades constantly. People change jobs. Mailboxes fill up. Inboxes go abandoned. Some users mark you as spam without unsubscribing. Every one of those events sends a quiet signal to mailbox providers (Gmail, Outlook, Yahoo) about how trustworthy you are as a sender. Pile enough negative signals on and your reputation drops; once it drops, even the people who want your mail stop seeing it.

So the question isn't whether to clean. It's when. Most teams treat hygiene as a project — a quarterly tidy-up triggered by something going visibly wrong. That's the cleanup model, and it's reactive by definition. By the time the bounce rate alarm fires, the reputation has already taken the hit. Policy is the alternative: automatic rules that keep the list healthy without anyone having to remember. The six below can be encoded as Braze segments or event-based automations — Braze being the lifecycle marketing platform Orbit's opinionated about, though every rule here translates one-for-one to Iterable, Customer.io, or any other modern ESP (email service provider — the tool that actually sends your mail).

Each rule maps to one specific way list quality degrades, and each runs continuously rather than as a chore. The point isn't to have a hygiene project. The point is to never need one.

How often should you run list hygiene? Continuously. Each of the rules below is an automatic segment or event trigger, not a monthly cleanup job. Quarterly audits — confirming the rules are still firing as intended — are the only manual touch, and the lifecycle audit checklist covers them.

The Deliverability Management skill covers the reputation mechanics these rules protect. Each rule is optimising one of those mechanics directly.

A hard bounce — an email rejection that signals the mailbox is permanently unreachable, as opposed to a temporary failure — has told you the address doesn't exist, has been disabled, or has an irreversible delivery problem. Send again and you produce another bounce, another negative reputation signal, and zero chance of a response. The maths is never close.

What to do: on any hard bounce, move the user's email subscription to permanently unsubscribed from marketing, and flag the profile so manual re-subscription requires verification. Do not send marketing mail to the address ever again.

Transactional sends — password resets, security alerts, the messages a user actively triggered themselves — can continue, so the user can recover their account if they need to. Anything marketing-flavoured is suppressed permanently. This is one of the few places where "one strike and you're out" is the right policy, because the strike is a fact, not a judgment call.

Soft bounces are the recoverable cousin of hard bounces — a full mailbox, a server hiccup, a temporary problem the mail system might fix on the next attempt. In principle, retrying is fine. In practice, three in a row almost always means the mailbox is abandoned or the provider is quietly treating your mail as spam-adjacent. Either way, continuing past that is a reputation drain with no conversion upside.

What to do: three consecutive soft bounces flags the user for suppression from marketing sends. Re-evaluate if the user engages — opens, clicks, visits the product — within 30 days. Otherwise confirm the suppression permanently.

Sunsetting is the practice of ending marketing sends to users who've gone silent for long enough that they're statistically not coming back. It's the rule programs resist hardest, because every active subscriber feels like one you might still convert. The graveyard of past lifecycle programs disagrees.

180 days is the default floor for sunset. Aggressive programs sunset at 90; conservative programs at 365. The right threshold reflects your natural engagement cadence — a weekly product can sunset at 90 days, a quarterly product needs 365+. Pick the number that matches how real humans use the product, not an arbitrary round.

What to do: users with no engagement signal (opens, clicks, product visits, transactions) in 180 days move to a "quiet list" that receives at most one re-engagement message per quarter. Engage, back to active. Two re-engagement messages with no response, permanent sunset.

Expect the list to shrink 5–15% on first implementation for programs that haven't run hygiene before. That's the dead weight. Engagement rate, deliverability, and revenue-per-send all improve as a result. A smaller engaged list outperforms a larger unengaged one on every metric except raw size, and raw size is a vanity number that correlates negatively with sender reputation past a certain point.

The win-back flows guide covers the re-engagement sequences that run before final sunset — the safety net that catches users who would have come back if asked.

A user marking an email as spam is the single strongest negative signal in deliverability. Everything else — bounces, unsubs, low opens — is a rounding error next to a complaint. The mechanism: mailbox providers run feedback loops (FBLs — automatic notifications when a user hits the "spam" button) that pipe the complaint straight back to the sender. Mailbox providers also weigh complaint rate heavily when deciding whether to keep delivering your mail to inboxes at all. Continue sending after a complaint and the next one compounds the reputation damage. Sender reputation can drop fast if complaint rates climb above ~0.1% — roughly one complaint per thousand sends.

What to do: on any complaint received via FBL from major ISPs (internet service providers, the Gmail-Outlook-Yahoo crowd that operates the inboxes), suppress the user from marketing and transactional sends immediately. No re-evaluation, no re-subscription prompt. They've told you they don't want your mail; continuing is at best bad manners and at worst a regulatory problem.

Can suppressed users re-subscribe? For 180-day sunsets, yes — automatically on any engagement signal within the grace period. For hard bounces, spam complaints, and traps, re-subscription requires a manual verification step, usually double-opt-in (the user clicks a confirmation link in a verification email before they're re-added). The friction is intentional. These are permanent suppression triggers for good reason.

Role accounts (info@, sales@, support@) are inbox addresses that route to a team rather than a person. They're usually monitored by multiple people, rarely opted in by the role-owner intentionally, and a known source of complaints — somebody on the rotation gets your mail, doesn't recognise it, hits spam. Some mailbox providers treat heavy volume to role accounts as a reputation signal in its own right, and not a good one.

What to do: role accounts are suppressed from marketing sends by default. Transactional still goes through. If a specific role account has been explicitly subscribed by an authorised user, flag it for inclusion — but make explicit opt-in the requirement, not the absence of objection.

Spam traps are email addresses owned by mailbox providers or anti-spam organisations that exist for one purpose: catching senders who acquired list data through dubious means. The taxonomy: pristine traps (addresses that have never been used by a real person, so any mail to them proves the sender scraped or guessed), and recycled traps (formerly real addresses that went dormant and were later reactivated as traps, so any mail to them proves the sender hasn't honoured engagement signals). Either way, landing mail in a trap is a major negative signal — and it's usually the tip of a larger iceberg, because traps rarely arrive alone.

What to do: if a third-party deliverability service flags a spam trap in your list (or a pattern suggests one), immediately investigate the source of the address and remove it. Then review the acquisition path — you likely have other similar addresses you haven't identified. Never knowingly send to an address you can't trace to a real opt-in.

How do you spot traps proactively? Third-party deliverability services (Validity, Email on Acid, etc.) run trap monitoring as a paid product. Signs you might have traps without a service: sudden deliverability drops, specific ISPs blocking you, or patterns of addresses that never open, never click, and have suspicious domains. Audit the acquisition path behind anything suspicious. Almost always the trap got in through a channel that skipped consent confirmation — a public sign-up form with no double-opt-in, a CSV import from a deal that didn't verify provenance, an old lead-gen widget on a page nobody's touched in years.

Each rule becomes a Braze segment or a Braze-managed attribute flag — a saved query that defines who's in or out of a given audience, evaluated continuously. Hard bounce → excluded from all marketing. Soft-bounce-thrice → excluded. 180-day dormant → excluded from broadcasts, included in re-engagement only. Complaint → excluded permanently. Role-account → excluded by default. Spam trap → excluded and flagged for investigation.

A policy is only useful if it's enforced automatically. Write the six rules down, encode them as the six segments, and audit each quarter that they're still firing as intended. That's the whole job. Teams that skip the documentation end up with rules that drift — someone loosens a threshold for a specific campaign, nobody tightens it back, six months later the policy exists on paper but not in production.

One decision rule, if you take nothing else from this guide: if you can't name the six segments enforcing your hygiene policy in the next ten seconds, you don't have one. Go write them down before Monday.