Missing SPF, DKIM, or DMARC records
This is the #1 reason emails go to spam in 2026 — and it's entirely invisible when you're composing your email. SPF, DKIM, and DMARC are DNS records that live on your domain and tell inbox providers like Gmail and Outlook: "this email is legitimate, we authorized it."
Since February 2024, Gmail and Yahoo made these records mandatory for bulk senders. In late 2025, Gmail escalated from sending warnings to outright rejecting non-compliant emails. Microsoft followed suit in April 2026. If you're missing any of these three records, a significant portion of your emails are being blocked or filtered before they even reach the spam folder — they just disappear.
- SPF — tells providers which servers are allowed to send email on behalf of your domain
- DKIM — adds a cryptographic signature proving the email wasn't tampered with in transit
- DMARC — sets the policy for what happens when SPF or DKIM fails
Check your current SPF, DKIM, and DMARC status instantly — it takes 10 seconds and requires no technical knowledge:
Check your SPF, DKIM & DMARC right now
Enter your domain and get a plain-English report in under 10 seconds. Free, no signup required.
→ Run Free Deliverability CheckYour domain or sending IP is on a blacklist
Spam blacklists (also called DNSBLs) are databases of IP addresses and domains known to send spam. Major inbox providers like Gmail, Outlook, and Yahoo check these lists automatically when deciding where to deliver your email.
The terrifying part: you can end up on a blacklist through no fault of your own. If you use shared hosting or a shared sending IP (common with many email providers), another sender on the same IP can get you listed. You'll have no idea it's happening — your emails just quietly stop reaching inboxes.
Major blacklists include Spamhaus, Barracuda, SpamCop, and SORBS. Being listed on Spamhaus alone can block delivery to billions of mailboxes.
- Run a blacklist check on your domain (use the tool above)
- If listed, fix the root cause first: clean your list, fix authentication, reduce complaints
- Then request delisting — most blacklists have a removal request form
- Consider a dedicated sending IP if you're on shared infrastructure
You're sending from a free email address
Sending business emails from [email protected], @yahoo.com, or @hotmail.com? This is a fast track to the spam folder — especially for bulk or marketing emails.
Free email domains have their own DMARC policies that prevent other services from sending email on their behalf. When your email marketing tool (Mailchimp, Klaviyo, etc.) sends an email "from" your Gmail address, it technically fails DMARC alignment — because Gmail's servers didn't send it, your ESP's servers did.
- Register a custom domain (e.g.
[email protected]) — costs ~$10–15/year - Set up SPF, DKIM, and DMARC on that domain
- Configure your email provider to send from that domain
Poor sender reputation (your "email credit score")
Every domain and IP address has a sender reputation — think of it as a credit score that inbox providers assign based on your email history. High bounce rates, spam complaints, sending to inactive addresses, and inconsistent sending patterns all drag your score down.
Once your reputation drops, all future emails are penalized — even to subscribers who actively want your emails. Reputation damage is slow to earn back: it typically takes 4–8 weeks of consistent, clean sending to recover.
- Clean your email list: remove addresses that haven't engaged in 6+ months
- Check your spam complaint rate — it should stay below 0.1%
- Monitor your domain's reputation using Google Postmaster Tools (free)
- Reduce sending frequency temporarily while reputation recovers
Sending to a dirty or unverified email list
A "dirty" list contains invalid addresses, typos, role addresses (info@, noreply@), and worst of all — spam traps.
Spam traps are email addresses that look real but are operated by blacklist providers to catch senders with poor list hygiene. Sending to even one spam trap can get your domain blacklisted almost immediately. They're planted in purchased lists, collected on expired domains, and scraped from websites.
The rule in 2026 is simple: list quality beats list size, every time.
- Never buy or rent email lists — ever
- Verify your list with a tool like NeverBounce, ZeroBounce, or Hunter.io before sending
- Use double opt-in to confirm subscribers are real
- Remove hard bounces immediately and soft bounces after 3 attempts
- Sunset subscribers who haven't opened in 6 months
Spam trigger words in subject lines or content
Certain words and phrases consistently trigger spam filters. While modern filters are smarter than simple keyword matching, the combination of trigger words + other negative signals will get you filtered fast.
Common offenders: ALL CAPS, excessive exclamation marks!!!, "FREE", "Winner", "Guaranteed", "Click here", "No risk", "Act now", "Limited time offer". The goal is to sound like a human, not a late-night infomercial.
- Write subject lines the way you'd text a colleague
- Avoid excessive punctuation and ALL CAPS
- Test your email through mail-tester.com before sending
- One to two links per email is fine; 10+ looks spammy
- Don't hide text (white text on white background — filters catch this)
Low engagement rates signal "nobody wants this"
Modern inbox providers don't just check your technical setup — they watch how recipients interact with your emails. Low open rates, no clicks, no replies, and (worst of all) spam complaints teach Gmail and Outlook that your emails are unwanted. Over time, they start routing your emails to spam preemptively, even for subscribers who haven't complained.
This is why a healthy, engaged list of 2,000 subscribers will always outperform a bought list of 50,000 cold contacts. Inbox providers are essentially learning from user behavior at scale.
- Segment your list — only send relevant content to people who care about that topic
- Re-engagement campaigns: send a "Still want to hear from us?" email to inactive subscribers
- Remove non-responders — it feels counterintuitive but improves deliverability for everyone else
- Send at consistent intervals so subscribers recognize your name
- Use plain-text or lighter-HTML emails — they feel more personal and get higher engagement
Broken or poorly coded HTML in your email
Email HTML is not webpage HTML — it has strict constraints and even small errors can trigger spam filters. Common problems: copying a template from the internet that has hidden tracking code, using CSS that isn't email-safe, having too many images and very little text, or sending an email that's essentially just one giant image with no text (a classic spammer tactic).
- Aim for a 60:40 text-to-image ratio at minimum
- Always include alt text on images
- Validate your HTML using mail-tester.com
- Use your ESP's built-in email builder rather than custom HTML unless you know email HTML well
- Don't use JavaScript or forms — they're blocked in email clients
Missing, hidden, or broken unsubscribe link
Not having a clearly visible unsubscribe link isn't just bad practice — it violates CAN-SPAM (US), GDPR (EU), and CASL (Canada). Gmail and Yahoo explicitly require a one-click unsubscribe header for bulk senders since 2024.
When subscribers can't easily unsubscribe, they hit "Report Spam" instead. One spam complaint carries roughly 1,000× the negative weight of an unsubscribe. Make it easy to leave — it protects everyone who stays.
- Include a clear, prominent unsubscribe link in every email footer
- Honor unsubscribe requests within 10 business days (US law) — ideally instantly
- Implement the
List-Unsubscribeheader (your ESP should do this automatically) - Don't make people log in or fill out a survey to unsubscribe
Sudden spikes in sending volume
Inbox providers expect natural, consistent sending patterns. If your domain normally sends 200 emails a week and you suddenly blast 50,000 in a single day — that looks exactly like a compromised account or a spammer warming up a fresh domain.
This is also why new domains need a "warm-up" period: you can't start sending 10,000 emails on day one. You need to gradually increase volume over 4–8 weeks to build trust with inbox providers.
- Ramp up sending volume gradually — no more than doubling your volume each week
- For new domains: start with your most engaged subscribers only, then expand
- Maintain a consistent sending schedule — sporadic sending looks suspicious
- If you need to send a large one-time blast, split it into segments over several days
Quick self-check: find the problem in 10 seconds
The fastest way to diagnose why your emails are going to spam is to check the technical foundation first — because SPF, DKIM, DMARC, and blacklist issues account for the majority of deliverability problems in 2026, and they're completely invisible without a dedicated tool.
✅ Email Deliverability Checklist
Check the technical items automatically — free
Run your domain through InboxCheck to verify SPF, DKIM, DMARC, and blacklist status in one click. Results in plain English with exact fix instructions.
→ Check My Domain NowThe bottom line
The most frustrating thing about email deliverability is that your emails can look perfect — well-written, to a subscribed list, with great offers — and still end up in spam because of an invisible DNS record or a shared IP that someone else abused.
Start with the technical foundation. SPF, DKIM, and DMARC are now non-negotiable — not optional extras. Check your blacklist status regularly. Keep your list clean. And send emails that people actually want to open.
Fix those fundamentals and you'll see inbox placement improve within days for the technical issues, and within weeks for the reputation-based ones. Email marketing still delivers some of the highest ROI of any channel — but only when your emails actually arrive.