Why Are My Emails Going to Spam? (And How to Fix It)
Most spam folder problems have a specific, diagnosable cause. A 20-year deliverability veteran walks through the 7 most common reasons and how to fix each one.
Why Are My Emails Going to Spam? (And How to Fix It)
Most email deliverability problems have a specific, diagnosable cause. Not ten causes. Not a vague cocktail of "best practices you're probably ignoring." Usually one or two things that, once you find them, explain everything.
I've spent over 20 years diagnosing these problems for companies ranging from startups to Fortune 500 brands. The pattern is almost always the same. Something changed, nobody noticed, and now a meaningful percentage of email is landing in spam instead of the inbox. By the time someone Googles "why are my emails going to spam," they've usually been losing money on it for weeks.
Last month a client came to me after noticing a 30% drop in email revenue over six weeks. Their open rates had cratered and they assumed it was a content problem. Maybe their subject lines had gotten stale. It wasn't content. A third party tool they'd added to their sending domain had broken their SPF record, and every major mailbox provider was routing their messages to spam. One DNS fix, and they were back in the inbox within a week.
That's how most of these stories go. The fix is usually straightforward once you find the actual problem and improve your email deliverability at the source. This guide walks through the most common causes in roughly the order I'd check them.
Why are my emails going to spam?
The seven most common reasons emails go to spam are:
- Missing or broken email authentication (SPF, DKIM, DMARC)
- Damaged sender reputation
- Poor list quality or bad data
- Content triggering spam filters
- Sending infrastructure issues
- ISP-specific filtering rules
- No diagnostic process in place
Most spam problems trace back to the first three.
1. Your authentication is missing or broken
Email authentication is how mailbox providers verify that you're actually who you say you are. Without it, you're essentially sending mail with no ID. Some providers will still deliver it. Most won't.
There are three protocols that matter: SPF, DKIM, and DMARC. SPF tells receiving servers which IPs are allowed to send on behalf of your domain. DKIM attaches a cryptographic signature to each message proving it hasn't been tampered with. DMARC ties SPF and DKIM together and tells providers what to do when authentication fails.
All three need to be set up. All three need to be set up correctly. That second part is where most companies run into trouble.
The most common authentication mistakes I see:
Too many SPF lookups
SPF has a hard limit of 10 DNS lookups. Every third party service you authorize (your ESP, your CRM, your transactional email provider, your helpdesk) adds lookups. Once you cross 10, the entire SPF record breaks. Not just for the eleventh service. For everything. I see this in probably 40% of the audits I run. Companies add services over time, nobody's watching the lookup count, and one day the whole thing silently fails.
DKIM not configured for every sending service
You set up DKIM for your main ESP but forgot about the CRM that sends order confirmations, or the HR platform sending onboarding emails from your domain. Every service that sends as you needs its own DKIM signing. The unsigned messages are the ones that get flagged.
DMARC still at p=none when you have a spoofing problem
To be clear: no mailbox provider is going to penalize you for having a p=none DMARC policy. Monitoring mode is a perfectly valid place to start. It lets you collect reports and see who's sending as your domain. But if those reports show unauthorized senders spoofing your domain (and for many companies, they do), staying at p=none means you're watching it happen without doing anything about it. Spoofed messages can generate complaints and spam trap hits that get attributed to your domain. If you're seeing that in your DMARC reports and you've confirmed all your legitimate mail is properly authenticated and passing, it's time to move to quarantine or reject. Just don't do it blindly. Make sure you've accounted for every legitimate sending source first, or you'll break your own mail flows.
How to check: Run your domain through an authentication checker to see exactly what's configured and what's broken. If your DMARC record needs work, the DMARC generator will build the right one for your setup.
How to fix: Start with SPF. Count your lookups to see exactly where you stand, flatten if needed, and remove any services you no longer use. Then verify DKIM is signing for every sending source. For DMARC, if you're still at p=none, start reviewing your aggregate reports. If everything legitimate is passing and you're seeing spoofing activity, that's your signal to move toward enforcement.
2. Your sender reputation is damaged
Sender reputation is the score mailbox providers assign to your sending IPs and domains based on how recipients interact with your mail. High complaints, low engagement, spam trap hits. They all drag it down. And once it's down, everything you send gets treated with suspicion.
Here's what I tell clients who say "but we only send to people who opted in": opt-in is the starting line, not the finish line. Permission to send doesn't mean permission to send forever. Someone who signed up for your newsletter three years ago and hasn't opened a message since isn't an engaged subscriber. They're dead weight, and if enough of them mark you as spam (or if their abandoned email address has been recycled into a spam trap), that opt-in isn't protecting you anymore.
The most common reputation killers:
High complaint rates
If more than about 0.1% of your recipients are hitting "report spam," you have a problem. That threshold is lower than most people expect. On a send of 100,000, that's just 100 complaints. Google publishes this clearly in their sender guidelines: stay below 0.1%, and never exceed 0.3%.
Sending to invalid or non-permissioned addresses
High bounce rates signal to mailbox providers that something is wrong with your list. Maybe you're not maintaining it, maybe you're mailing purchased lists, using third party data, or sending to addresses that never opted in. Whatever the source, if a significant portion of your sends are bouncing, providers assume you're not being careful about who you're mailing. They're usually right.
Hitting spam traps
Spam traps are email addresses operated by mailbox providers and blocklist operators specifically to catch senders with bad list practices. Some are recycled (real addresses that were abandoned and repurposed). Others are pristine, addresses that were never used by a real person and only exist to catch scrapers and purchased lists. Either type on your list is a serious problem.
Sudden volume spikes
If you normally send 50,000 emails a week and suddenly blast 500,000, every major provider is going to throttle or block you. Consistent sending patterns build trust. Erratic patterns destroy it.
How to check: Google Postmaster Tools is the single most useful free tool for monitoring your domain's reputation with Gmail. Microsoft's SNDS gives you similar visibility for Outlook. Between the two, you're covering the majority of consumer email.
How to fix: Reputation doesn't recover overnight. Expect at least 2-4 weeks of consistent, clean sending before you see inbox placement improve, and depending on how bad the damage is, it can take considerably longer. Fix the underlying problem first. Suppress the complainers, clean out the invalid addresses, track down where the spam trap hits are coming from. Then send to your most engaged segments while your reputation rebuilds. And whatever you do, don't keep blasting your full list while you wait for things to improve. That's how senders turn a two-week recovery into a two-month one.
3. You're sending to a bad list
List quality is where reputation problems start. If your list is clean, most of the other issues in this guide become much less likely.
The biggest list quality problems I see:
Purchased or rented lists
Just don't. I know someone sold you on the idea of reaching a "targeted audience" of 50,000 prospects. What they sold you is a fast track to spam folders and blocklists. Purchased lists are full of spam traps, dead addresses, and people who have no idea who you are. One send to a purchased list can damage your reputation for months.
Old lists that haven't been mailed in months
If you haven't emailed a list in six months or more, you can't just pick up where you left off. Addresses go invalid. People forget they signed up. Spam traps accumulate. You need to revalidate before you send, and even then, start slow.
Not removing invalid addresses
This sounds basic, but it trips up more senders than you'd expect, especially companies sending through an API or managing their own suppression logic. Your ESP probably handles obvious hard bounces automatically, but not all bounces mean the same thing. An address that returns an "invalid user" response needs to come off your list. A temporary failure like a full mailbox or a rate limit? That can be retried. The distinction matters. Blanket-suppressing every bounce is just as much of a mistake as suppressing none of them.
Confusing inactivity with disengagement
There's a lot of advice out there about aggressively sunsetting subscribers who haven't opened in X months. I'd push back on that. Removing inactive subscribers for the sake of removing them is lazy marketing. Before you cut someone from your list, you need to understand why they're not engaging. Are they genuinely disinterested, or are they not seeing your emails because of a deliverability problem? If your messages are landing in spam for a segment of your list, low engagement is a symptom, not the cause. Sunsetting those subscribers just shrinks your list without fixing anything. Do the analysis first. Look at your data by acquisition source, by domain, by time on list. Figure out where the real disengagement is before you start cutting.
How to fix: Run your list through a validation service to catch invalid, disposable, and risky addresses before they do damage. For subscribers who aren't engaging, dig into the data before making blanket cuts. Segment by domain and check whether it's a deliverability problem masquerading as a list problem. If you do identify segments that are genuinely dead weight, try a re-engagement campaign before removing them. Give people a reason to stay before you decide they're gone.
4. Your content is triggering filters
Content filtering has gone through phases. In the early 2000s, content was everything. Spam filters were basically keyword scanners, and using the wrong word in a subject line could sink you. Then the industry shifted to reputation-based filtering, and the conventional wisdom flipped: "content doesn't matter, reputation is all that matters." In 2026, with AI-powered filtering, the truth is somewhere in between.
Here's how I think about it. If your reputation is bad, don't worry about content. Fix your reputation. Content optimization is pointless if mailbox providers have already decided you're a risky sender. Even the cleanest email in the world will land in spam.
But if your reputation is solid and you're still seeing spam placement on specific sends, content might actually be the issue. The way to test this is straightforward: send a different creative to the same audience. If the second one lands in the inbox, your content was likely the trigger. If both go to spam, it's not content. Keep looking.
That said, content isn't completely irrelevant. Here's what actually matters:
Image-to-text ratio
An email that's one giant image with no real text looks suspicious to filters, and it's also terrible for accessibility. Include enough real text content that the message makes sense even with images turned off.
Misleading subject lines
Don't put "Re:" or "Fwd:" on messages that aren't replies or forwards. Don't use subject lines that have nothing to do with the email body. Providers are sophisticated enough to detect this, and recipients will report you for it.
Suspicious links
URL shorteners (bit.ly, etc.) in email are a red flag because spammers use them to hide malicious destinations. Use full, clean URLs. And make sure none of your links point to domains that are blacklisted. One bad link in an otherwise clean email can tank your placement.
Broken HTML
Missing closing tags, broken image URLs, images loaded over http instead of https. These are the kinds of code issues that can contribute to filtering. You don't need perfectly crafted HTML, but your emails shouldn't look like they were assembled by a broken script. If your images aren't loading or your links are throwing errors, that's a signal to filters and recipients alike.
The bottom line on content: it matters more than the "reputation is everything" crowd admits, but less than most people assume when they first hit the spam folder. Check authentication, reputation, and list quality first. If those are clean and specific sends are still getting filtered, test different content and see if the pattern changes.
5. Your sending infrastructure has issues
This one tends to affect companies that have grown beyond a single ESP or that recently changed their sending setup.
Shared vs. dedicated IPs
If you're on a shared IP (common with smaller ESPs or lower-volume plans), your deliverability is partially at the mercy of the other senders on that IP. If one of them trashes the reputation, you feel it. Dedicated IPs give you full control, but they require enough volume to maintain a consistent reputation, generally at least 100,000 messages per month.
New IP or domain warm-up
I've seen this go wrong more times than I can count. A company switches ESPs, gets assigned new sending IPs, and immediately sends their full volume. New IPs have zero reputation. Not good reputation. Zero. You have to ramp up slowly over 2-4 weeks, starting with your most engaged recipients and gradually increasing volume. Skip this step and you'll get blocked at every major provider.
Multiple ESPs without coordination
If your marketing team sends through one ESP, your transactional email goes through another, and your sales team is using a third, nobody has a complete picture of what your domain's sending looks like. Authentication can get fragmented, volume can spike unpredictably, and reputation signals get muddied. Every service that sends as your domain needs to be accounted for in your authentication records and sending strategy.
Misconfigured bounce handling
If bounces aren't being processed and suppressed properly, you'll keep hammering invalid addresses, which tanks your reputation. Make sure every sending system you use has proper bounce handling configured.
6. ISP-specific issues
Different mailbox providers filter differently, and what works for one doesn't always work for another.
Gmail has the most sophisticated filtering and relies heavily on engagement signals. If your Gmail recipients aren't opening, clicking, or moving your messages to their primary tab, Gmail takes that as a signal to deprioritize you. The Promotions tab isn't spam. Landing there is fine for marketing email. But if you're sliding from Promotions to Spam, that's a reputation problem, not a tab-sorting problem. Google's sender guidelines (updated as part of the bulk sender policy changes in early 2024) are worth reading in full if Gmail is a significant portion of your list.
Microsoft/Outlook tends to be more aggressive with filtering, especially for new senders. Their Smart Network Data Services (SNDS) dashboard gives you IP-level data, but the filtering logic is less transparent than Google's. If you're having Outlook-specific problems, it's often an IP reputation issue, and patience plus clean sending is usually the path forward.
Yahoo aligned with Gmail on the 2024 bulk sender requirements: authentication, one-click unsubscribe, complaint thresholds. If you've already addressed those for Gmail, you're largely covered for Yahoo. I wrote a detailed breakdown of those policy changes when they were announced.
The 2024 bulk sender policy changes were the biggest shift in deliverability requirements in years. If you're sending more than 5,000 messages a day to any of these providers, the requirements aren't optional. SPF, DKIM, DMARC, one-click unsubscribe, and complaint rates below 0.3%. Enforcement has only gotten stricter since launch.
7. How to diagnose your specific problem
If you're landing in spam and not sure why, here's the diagnostic order I use with clients:
Check authentication first
It's the most common root cause and the easiest to verify. Run your domain through an authentication checker and fix anything that's broken or missing.
Check reputation second
Pull up Google Postmaster Tools and look at your domain reputation over the last 30-90 days. If it's low or declining, that's your problem. Now you need to figure out what's driving it.
Check list quality third
Look at your bounce rates and complaint rates. If bounces are above 2% or complaints are above 0.1%, your list needs work before anything else will improve.
Check content fourth
Run a message through a header analyzer to see how it's being processed. Look for authentication failures, content flags, or routing issues.
Check sending patterns last
Have you had any sudden volume changes? New sending sources? ESP migrations? Changes in sending patterns are often the trigger for problems that show up as reputation or placement issues.
You can run most of these checks yourself with the free deliverability tools on this site. If you want a more thorough version of this process, I put together a 27-point email deliverability checklist that covers everything from DNS records to compliance. It's the same framework I use when I start working with a new client.
When to call an expert
Most deliverability problems can be fixed with the steps above. But there are situations where DIY stops working and professional help pays for itself quickly:
You're on a blocklist and can't get off
Some blocklists have straightforward removal processes. Others don't respond to requests, or they'll delist you only to relist you a week later because the underlying problem wasn't fixed. If you've been going back and forth with a blocklist for more than a week or two, you're burning time.
Your reputation has tanked and you can't figure out why
If authentication is clean, your list looks fine, and you're still in spam, there's usually something deeper going on. A spam trap source you haven't identified. A feedback loop you're not monitoring. A sending pattern that looks suspicious to providers. These are the problems that require access to tools and ISP relationships most companies don't have.
You're losing real revenue
If email is a meaningful revenue channel (and for most companies it is), every week in the spam folder is money left on the table. I had a client earlier this year who'd been fighting a reputation problem internally for three months, losing around $200,000 a month in email-attributed revenue the whole time. The root cause turned out to be an old co-registration source feeding recycled spam traps into their list. Once we killed that source and worked with them on a recovery plan, their placement was back to normal in about two weeks. Not every case is that clean, but the math on that one wasn't subtle.
You've tried the fixes and nothing's working
If you've gone through authentication, reputation, list quality, and content and you're still stuck, the problem is usually something that isn't visible from the outside. That's when having someone who can dig into the infrastructure, review your postmaster data, and call the right people at the right ISPs makes the difference.
If that sounds like where you are, book a free 15-minute assessment and I'll tell you whether it's something you can fix yourself or whether it makes sense to work together.
Frequently asked questions
How do I stop my emails from going to spam?
Start by checking your email authentication (SPF, DKIM, DMARC), then review your sender reputation using Google Postmaster Tools. If both are clean, look at list quality and content. Section 7 of this guide has the full diagnostic order I use with clients.
Can spam filters be wrong?
Yes. Spam filters are statistical models, not perfect classifiers. Legitimate email lands in spam regularly, especially from new senders or domains with mixed reputation. If your authentication and reputation are solid but specific sends get filtered, test different content to isolate the trigger.
How long does it take to fix email deliverability?
It depends on the root cause. An authentication fix (broken SPF, missing DKIM) can restore inbox placement within days. Reputation recovery typically takes 2-4 weeks of consistent, clean sending. Severe reputation damage from spam traps or blocklisting can take longer, sometimes 6-8 weeks.
Not sure which of these problems is causing your spam issues? Grab the free 27-point deliverability checklist. It's the same diagnostic framework I use with every new client.
Tom Sather
Email deliverability expert with 20+ years of experience helping companies improve inbox placement and authentication. Founder of Email Lookout.
Need help with deliverability? Book a free assessment →Related Posts
Ready to Improve Your Email Deliverability?
Get a free assessment of your email authentication setup and actionable recommendations to boost your inbox placement.