Dunning emails sit in a strange category of marketing copy. They're not promotional, but they're not purely transactional either. The customer didn't ask for them. They land in the inbox to deliver news the recipient wasn't expecting — your card didn't go through — and the entire success of the message depends on how that news lands. Get the tone right and you recover a high share of failed payments without the customer ever feeling pressured. Get it wrong and you either generate complaints (too aggressive) or get ignored (too soft). This guide covers what works: the four-email sequence that paces the recovery, the subject lines that earn opens without screaming, the body copy that explains the problem in plain English, the CTA that gets clicked because it's stupid-simple, and the deliverability tweaks that prevent the whole sequence from landing in spam. For the upstream strategic decisions about when these emails fire and how the retry logic decides which one to send, read our dunning management guide.
Why dunning emails are different from other emails
A promotional email is read by a customer who chose to be on your list. They're in a buying mindset, or at least an exploratory one. A transactional email (order confirmation, shipping notification) is expected — the customer just did the thing that triggered it, so the email's arrival makes sense.
A dunning email is neither. The customer didn't trigger it intentionally. They probably don't know yet that anything went wrong — most card failures happen invisibly to the customer side. From their perspective, your email is the first signal something is off. That changes the writing job in a few specific ways: the email has to carry context the recipient doesn't have, deliver news that might feel mildly alarming, and motivate an action (update the card) without escalating the alarm into panic or annoyance.
Two failure modes bracket the writing problem. Write the email too softly and the customer doesn't realise they need to act — the open rate is fine but the click-through is dismal. Write it too aggressively and the customer panics, suspects fraud (your dunning email looks indistinguishable from a phishing attempt), and either reports it or ignores it. The sweet spot is matter-of-fact, helpful, and brief.
The tone that recovers the most cards across consumer-goods subscriptions sounds like a polite reminder, not a collections notice. "Hey, your card on file just stopped working — here's a link to update it" recovers more revenue than "URGENT: Payment Failed — Action Required." Most failures are genuine and innocent. Write like you know that.
The four emails in a recovery sequence
A recovery sequence with too few emails leaves recoverable revenue on the table. A sequence with too many trains the customer to ignore everything from your brand. Four emails over 14 days is the cadence that consistently recovers the most without crossing the harassment line.
- Email 1 — Notification (T+0 to T+1 day): the friendly first heads-up. Calm, informational, one CTA. Sets expectations that you'll try again.
- Email 2 — Reminder (T+3 to T+5 days): the gentle nudge. Restates the problem with slightly more specificity ("we tried again and it still didn't go through") and the same CTA.
- Email 3 — Urgency (T+7 to T+10 days): the helpful escalation. Introduces a soft deadline ("if we can't process this by [date], we'll have to pause your subscription"). Still helpful in tone, but the stakes are clearer.
- Email 4 — Last chance (T+14 days): the final pre-cancellation message. Clear about what's about to happen and how to prevent it. Includes a way back if they want one.
Each email needs a distinct angle — sending the same message four times with progressively louder fonts is the path to inbox blindness. Email 1 is reassuring (don't worry, this happens). Email 2 is informational (here's what's still pending). Email 3 introduces consequences (here's what happens if we can't fix this). Email 4 is the clear final call. The customer should be able to tell which email they're getting at a glance.
If the original failure was a hard decline (expired card, lost/stolen), the underlying retries aren't going to recover the card — only the customer can. There's no value in waiting until T+7 to escalate. For hard declines, compress the sequence: email 1 immediately, email 2 at T+3, email 3 at T+7 with the final-call language, skip email 4. The customer's action is the only thing that can recover this payment, so don't waste their attention waiting for retries that can't help.
Subject lines that get opened (without screaming)
The subject line is the only thing standing between your email and the trash folder. Across subscription dunning email performance, two consistent patterns emerge: subject lines that read like phishing attempts get reported (and hurt your sender reputation), and subject lines that sound boring get ignored. The middle path is specific, calm, and slightly personal.
Specifically: avoid all-caps anywhere, avoid the word "URGENT," avoid exclamation points, avoid "ACTION REQUIRED." These trigger spam filters and customer suspicion in roughly equal measure. What works is plain language that names the specific product, a soft hint at the issue, and an implied call to action — without ever sounding alarming.
GOOD subject lines (open rate typically 40-55%):
Quick question about your Premium Coffee Blend subscription
Your March coffee order needs a small thing from you
We hit a snag with your latest subscription order
Heads up — your card on file might need an update
Your next box is on hold — quick fix inside
BAD subject lines (open rate typically below 25%, spam reports common):
URGENT: Payment Declined — Action Required Immediately
*** FINAL NOTICE *** Your Account Will Be Suspended
PAYMENT FAILED. Update your card NOW.
Re: Re: Re: Your overdue subscription payment
IMPORTANT: Failure to act will result in cancellationPersonalisation in the subject line lifts open rates measurably, but only the kind that actually means something. The customer's first name is fine. The product name they subscribe to is better ("your Premium Coffee Blend" is more identifying than "your subscription"). What doesn't help: their order number, an internal SKU, anything that looks like a system identifier — those make the email look automated in a bad way.
The sender name shows up in the inbox before the subject. "SimpleSubscription Billing" is impersonal and forgettable. "Anna from [Your Store]" or just "[Your Store]" performs significantly better. Pick a sender name that matches the rest of your customer email (the order confirmations, the shipping updates) — consistency reinforces "this is the same store I bought from."
The body — what to include and what to cut
Dunning email bodies suffer from the opposite problem of subject lines: where subject lines tend to over-escalate, bodies tend to under-explain. The customer arrives in the email with one question — what happened and what do I do about it — and the email needs to answer both within the first scroll.
The structure that performs best is straightforward: a one-sentence summary of what happened, a sentence of context (why this might have happened in plain English, not jargon), the specific product and date so the customer can identify it, and a single prominent button to fix it. That's the entire email. Everything else is friction.
EXAMPLE — Email 1 (Notification) body:
Hi [Name],
We tried to charge your card for your monthly Premium
Coffee Blend order on May 3 but it didn't go through.
This usually means the card on file has expired, was
replaced, or the bank flagged the charge — nothing
unusual, and easy to fix.
[Button: Update your card]
We'll automatically retry in a few days. If you've
already updated your card, you can ignore this email.
Thanks,
[Your Store]
— under 75 words, one button, one outcome.- Lead with the specific product name — "your Premium Coffee Blend" not "your subscription"
- Include the renewal date — anchors what the customer is looking at and improves credibility
- Explain in plain language why it happened — "card may have expired, been replaced, or been flagged" works better than a decline code
- One button, one outcome — never give the customer a choice between two actions; choice creates friction
- End with a soft reassurance — "if you've already fixed this, you can ignore this email" removes the worst-case anxiety
Customers don't care that the issuer returned "card_velocity_exceeded" — they don't know what that means and seeing technical jargon makes the email feel scammy. Translate to plain English: "your bank temporarily flagged the charge — try again or update the card on file." The decline code belongs in your internal logs, not in customer correspondence.
The CTA — make it stupid simple
The single biggest source of dropped recoveries isn't the email copy — it's the CTA destination. Customers click the "Update your card" button, land on a generic login page, can't remember their password, and abandon. Recovery rates drop precipitously every extra step between the email and the card-update form.
The right design is a magic-link URL that authenticates the customer automatically and drops them directly on a one-page card-update form with their existing details (name, email, address) pre-filled. They enter the new card details, click Update, and they're done. No login, no password reset, no two-factor friction, no navigating from "My Account" to "Billing" to "Payment Methods." Just the one form, with the new card going to Shopify Payments via a tokenisation flow.
- Magic-link auth — the email's button URL signs the customer in via a short-lived token. No password
- One-page card form — no menus, no navigation, just the form with the existing card's last 4 visible so they know what they're replacing
- Pre-filled billing address — pulled from their existing customer record, editable but defaulted
- Confirmation on success — clear "you're all set — your next order ships [date]" message after they update
- Auto-retry on update — when the new card is saved, automatically retry the pending failed charge so the recovery completes immediately, not at the next scheduled retry
Most dunning email problems aren't in the email — they're in the click-through. Send a test dunning email to your own phone, open it in your real email client (not the email-builder preview), tap the button, and see what happens. If you needed to log in, if the form was unreadable on mobile, if the success state was unclear — that's exactly what's happening to your real subscribers and exactly why your recovery rate is lower than it should be.
Tone — helpful, not punishing
The default tone in dunning copy across the industry skews towards collections-letter language: "action required," "your account is delinquent," "final notice," "failure to act will result in." That tone is wrong for almost every subscription business, because it assumes a relationship between merchant and customer that doesn't exist — these aren't loans, they're consumer-goods subscriptions where most failures are mundane card-replacement events.
The right tone is much closer to how a small-business owner might write to a regular customer. Calm, helpful, slightly apologetic for the inconvenience, with a clear path to fix it. Customers receiving this tone update their card without resentment; customers receiving collections-style language update their card with resentment, if at all, and cancel the subscription at the next renewal anyway.
- Avoid — "failure," "declined," "overdue," "action required," "final notice," "suspended," "delinquent," "unauthorised"
- Use — "didn't go through," "hit a snag," "needs an update," "quick fix," "heads up," "on hold," "a small thing"
- First-person, plural — "we tried to charge" not "your account was charged"; sounds like a person, not a system
- Apologise lightly once, don't grovel — "sorry for the hassle" is fine; "we deeply apologise for any inconvenience" reads as automated
Personalisation that matters (and what's noise)
Email service providers love to sell personalisation as a feature. In dunning, only a few personalisation tokens actually move recovery rates. The rest are noise — they don't hurt, but they don't help, and overdoing personalisation makes the email feel more automated, not less.
Personalisation that moves the needle: the customer's first name in the greeting, the specific product name ("your Premium Coffee Blend" not "your subscription"), the renewal date or last order date, and the last 4 digits of the card on file so they know exactly which card to update. Each of these grounds the email in something specific and verifiable — which is the opposite of a phishing email's vague language and helps with trust.
Personalisation that doesn't help: their birthday, their location, the weather where they live, AI-generated "product recommendations" in the email body, the order count ("this would be your 7th order"), or any token that feels like surveillance more than service. Save those for marketing emails, where the customer has opted into a conversation. In dunning, they distract from the one action you want them to take.
- First name in greeting
- Specific product name (the one they subscribe to)
- Last 4 digits of the card that failed (so they can identify it)
- Date of the failed charge or upcoming renewal
- A direct link that doesn't require login (magic-link auth)
Send time — when payment emails actually get opened
Payment-related emails follow a different open-time pattern than promotional ones. Marketing emails peak in the early morning (the inbox-check before work) and early evening (after dinner). Payment emails peak between 10am and 2pm in the recipient's local timezone — the window when people are at their computers and willing to deal with administrative tasks.
The trap most subscription stores fall into is sending dunning emails at whatever UTC time the cron job runs. If your cron fires at midnight UTC, your American West Coast customers receive the email at 4pm Pacific (decent), your East Coast customers at 7pm (mediocre), your UK customers at midnight (terrible). Scheduling sends to local-time mid-morning where you can lift open rates a few percentage points without changing anything else.
Day of the week matters too. Weekday sends outperform weekend sends — payment admin is something people do at work, not on a Saturday. Tuesday through Thursday is the sweet spot. Friday afternoons and weekend mornings have notably lower open rates.
Deliverability — why dunning emails land in spam more often
Dunning emails have a deliverability problem that ordinary marketing emails don't share. They contain trigger words spam filters watch for ("payment failed," "card declined," "action required," links to update payment methods), they ask the recipient to take a financial action, and they often come from a low-volume sender (the dunning workflow only fires for the ~5-10% of subscribers with failed payments). All three signals push the email closer to the spam folder than a typical promotional broadcast.
Three technical fixes mitigate most of this, and they should be set up before any dunning sequence goes live. Skipping them is the single most common reason a well-designed dunning sequence underperforms.
- SPF — Sender Policy Framework. A DNS TXT record on your sending domain that lists which servers are authorised to send mail from you. Missing or misconfigured SPF is the single most common reason dunning emails land in spam
- DKIM — DomainKeys Identified Mail. A cryptographic signature on each outgoing email proving it actually came from your domain. Configured in DNS plus on your email service
- DMARC — Domain-based Message Authentication. A DNS policy that tells receiving mail servers what to do with messages failing SPF or DKIM. Start with policy=none for monitoring, move to quarantine or reject once SPF + DKIM are confirmed clean
- Custom sending domain — don't send from your subscription app's domain ("@simplerecurring.app"); send from your own ("[email protected]"). Customers recognise it, filters trust it more
- Warmed-up IP — if you're sending a high volume of dunning emails for the first time, ramp up gradually. A cold IP suddenly sending thousands of "payment failed" emails looks like a phishing campaign to receiving servers
Free tool that grades your email on SPF, DKIM, DMARC, spam-trigger words, link reputation, and image-to-text ratio. Aim for 9/10 or higher before the first dunning email goes live to a real customer. Re-test any time you change the sender domain, the template, or the email service provider.
A/B testing your dunning emails — what to test and what's noise
Dunning emails are a great surface for A/B testing because the outcome metric — recovery rate — is unambiguous (the card got updated and the charge succeeded, or it didn't) and the volume is steady. But most stores test the wrong things, get noise-level results, and conclude that testing doesn't work.
- Worth testing — subject line (biggest single lever), sender name, send time of day, length of body (50 vs 100 vs 150 words), button text ("Update your card" vs "Fix this in 30 seconds")
- Not worth testing — button colour, header image vs no image, font choice, exact greeting ("Hi" vs "Hello"). The effect size on dunning emails is too small to measure reliably
- Test one thing at a time — multivariate tests on a sample of 200 dunning emails per month are statistically meaningless
- Wait for significance — at typical subscription volumes, a meaningful test result takes 4-6 weeks. Calling the winner after 50 sends is just superstition
The highest-impact thing to test is usually the email-2 subject line — email 1 has high open rates regardless (customers are curious), so subject-line gains are marginal there, but by email 2 customers are tuning out and a better subject line can lift open rate substantially. Email-2 subject is where most of the recoverable lift actually lives.
Mobile-first design — almost every open is on a phone
A practical reminder that contradicts how most email templates are built: the overwhelming majority of dunning email opens happen on mobile. A template designed to look great in Gmail desktop preview may render badly on a phone screen, and the customer-update flow you so carefully built breaks down at the smallest screen size.
- Single-column layout — multi-column tables collapse unpredictably on mobile; stick to one vertical flow
- Button minimum 44px tall — Apple's accessibility guideline; smaller buttons are hard to tap accurately
- Body text minimum 16px — anything smaller forces zoom; people who zoom in to read tend to leave
- Logo height under 80px — large logos push the actual content below the fold on small phones
- No background images on the CTA — many mobile mail apps block background images by default; a button with a coloured fill is more reliable than one with an image
- Test in dark mode — system-wide dark mode is increasingly common; black text on a transparent background renders white on white and disappears
An image-based button is unclickable when images are blocked (which happens by default in many email clients), unreadable at high DPI, and inaccessible to screen readers. Use an HTML button with text and a background colour, or a bulletproof button (table-cell with background colour). Every dunning email that ships with an image-button tends to have measurably worse click-through than the same design with a real HTML button.
Dunning email questions
What subject line works best for dunning emails?
Calm and specific outperforms urgent and vague. "Quick question about your [Product Name] subscription" or "Your March order needs a small thing from you" tends to land in the 40-55% open-rate range. Anything with ALL CAPS, URGENT, or ACTION REQUIRED trips spam filters and customer suspicion roughly equally and consistently underperforms.
Should I use SMS instead of email for dunning?
SMS can be a useful supplement to email but rarely a replacement. The legal/opt-in requirements for SMS are stricter (TCPA in the US, explicit consent in most jurisdictions), and not every customer opted into SMS at signup. Most successful programs run email-first and add SMS only for the urgency-stage notifications, and only for customers who explicitly opted in.
How often should dunning emails go out?
Four emails over 14 days is the sweet spot for most consumer-goods subscriptions. Less than three leaves recovery on the table; more than five trains customers to ignore your sender entirely. Compress for hard declines (expired/lost cards) where retries can't help and only customer action can.
Do customers hate dunning emails?
Not if they're written well. Open rates on dunning sequences are typically much higher than promotional emails (45-60% on email 1) because they're transactional in nature — the customer recognises something is happening with their account. Customers complain when the tone is aggressive, the email looks like a scam, or the update-card flow is broken — not because dunning emails exist.
What's the open rate on a typical dunning sequence?
Email 1 typically opens at 45-60%, email 2 at 30-40%, email 3 at 20-30%, email 4 at 15-25%. The curve flattens after email 3, which is why a fifth or sixth email rarely adds much. Watch for any single email dropping below 25% — usually a deliverability or subject-line problem.
Should I personalise dunning emails?
Yes, but only with information that's actually useful: first name, product name, renewal date, last 4 of the card. Adding birthday wishes, weather, or AI product recommendations to a payment-failure email is noise — it doesn't lift recovery and makes the email feel more automated, not less.
What's the best CTA text?
Specific verbs outperform generic ones. "Update your card" beats "Click here." "Fix this in 30 seconds" beats "Manage subscription." The button should describe the action the customer is about to take, ideally with a hint at how easy it is. Test 2-3 variants — this is one of the few details where A/B testing produces measurable lift.
How long should the email body be?
Under 100 words for email 1. Under 150 for emails 2-4. Customers open dunning emails on mobile and scan, not read — anything longer than one phone screen pushes the CTA below the fold and tanks click-through. If you find yourself writing a third paragraph, cut it.
Should the email come from a person or the brand?
From the brand, but with a person's name as the sender. "Anna from [Your Store]" or "[Your Store] Billing" outperforms either pure brand ("[Your Store]") or pure person ("Anna Smith") on dunning specifically. Customers trust personal-feeling senders more, but a fully personal sender feels weird for a transactional email about their card.
What if the customer replies to the dunning email?
Make sure replies actually go somewhere a human reads. "noreply@" sender addresses on payment-related emails are an anti-pattern — customers reply with "my card was just replaced, can you charge the new one?" and the email bounces into the void. Either route replies to your support inbox or use a real reply-to address that someone monitors.
Why do my dunning emails land in spam?
Almost always a deliverability setup issue — missing SPF, DKIM, or DMARC, sending from a domain not authorised in DNS, or a custom sending domain that hasn't been warmed up. Less often, it's the subject line or body containing too many spam-trigger words. Run mail-tester.com on a sample email to diagnose; aim for 9/10 or higher before launch.
Should I include the failed amount in the email?
Yes — it grounds the email in something specific and verifiable, which helps both trust and clarity. "We tried to charge $34.99 for your Premium Coffee Blend on May 3" is more credible than "your subscription payment failed." Just don't include any other financial detail (card number, bank name) that could make the email look like phishing.