Why your business email keeps going to spam (a diagnostic checklist)

If you have a custom domain and emails from your business address keep landing in customers' spam folders, the cause is almost always one of six things. None of them are random and all of them are fixable. This is the diagnostic checklist we use when clients ask us why their email isn't getting through.

This post is written for small business owners and solo founders who are sending real email (sales follow-ups, customer support, contact form auto-replies) and finding it in spam more often than they should. It is not for people running mass marketing campaigns to cold lists, which is a different problem with different solutions.

The six things to check, in priority order

1. SPF record 2. DKIM record 3. DMARC record 4. Sender domain age and reputation 5. Subject line and body content 6. List-Unsubscribe headers

Most deliverability problems are one of the first three. The last three matter but are usually fine for legitimate small-business senders.

1. SPF record

SPF (Sender Policy Framework) is a DNS TXT record on your domain that tells receiving mail servers which services are allowed to send email from your domain. If your SPF record is missing, broken, or doesn't include the service you actually send through, your mail will land in spam.

How to check

Use any free SPF lookup tool. Search "SPF record check" and you will find several. Enter your domain. The tool will show you what SPF record exists.

You are looking for:

• A single TXT record at the apex of your domain (yourdomain.com, host @)
• The record starts with v=spf1
• It includes every service that sends mail on your behalf
• It ends with ~all (soft fail) or -all (hard fail)

What it should look like

If you send through Google Workspace AND a transactional service like Resend, your record should look like:

v=spf1 include:_spf.google.com include:send.resend.com ~all

If you send through Namecheap Private Email AND Resend:

v=spf1 include:privateemail.com include:send.resend.com ~all

The key is that EVERY service sending mail under your name has to be in this record. If you have multiple, combine them into one record. You cannot have two SPF records on the same domain. Some DNS providers will let you add two, but receiving mail servers will reject one or both.

Common mistakes

• Two separate SPF records. Combine them.
• Forgetting to include a new service after switching providers.
• Including -all (hard fail) before your setup is stable. Use ~all first, switch to -all after a month of clean sending.

2. DKIM record

DKIM (DomainKeys Identified Mail) is a cryptographic signature that proves an email actually came from your domain and was not modified in transit. Without DKIM, modern mail servers (Gmail, Outlook, Yahoo) significantly downgrade your deliverability.

How to check

Send yourself a test email. Open it in Gmail. Click the three-dot menu, then "Show original." Look for a section that includes DKIM: followed by either PASS (good) or FAIL (broken) or nothing (missing).

How to fix

Your email sending service (Google Workspace, Resend, Namecheap Private Email, SendGrid, etc.) provides a DKIM TXT record for you to add to your DNS. It looks something like:

p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQ... (a long base64 string)

The host name depends on the service. Common patterns:

• Google Workspace: google._domainkey
• Resend: resend._domainkey
• Namecheap Private Email: default._domainkey
• SendGrid: s1._domainkey and s2._domainkey

Add the record exactly as the service tells you. After DNS propagates (a few minutes), DKIM should start passing on new emails.

Common mistakes

• Copying the DKIM value with extra whitespace or line breaks. Most DNS providers handle this gracefully, but not all.
• Setting up DKIM for one service when you also send through another. Each service needs its own DKIM record at its own subdomain name.

3. DMARC record

DMARC (Domain-based Message Authentication, Reporting & Conformance) ties SPF and DKIM together and tells receiving mail servers what to do when one or both fail. Modern Gmail and Yahoo policy (as of 2024) effectively require a DMARC record for bulk senders.

How to check

Look up _dmarc.yourdomain.com as a TXT record. If nothing comes back, you have no DMARC. If something comes back, look at its policy (p=none, p=quarantine, or p=reject).

What it should look like

A reasonable starting DMARC record:

v=DMARC1; p=none; rua=mailto:dmarc-reports@yourdomain.com

The p=none policy means "monitor only, don't actually quarantine or reject mail." This is the right starting point because it lets you collect data on who is sending mail as your domain before you tighten policy.

After a few weeks of monitoring, if the SPF and DKIM are passing cleanly, tighten to:

v=DMARC1; p=quarantine; rua=mailto:dmarc-reports@yourdomain.com; pct=100

p=quarantine means "if SPF or DKIM fails, send to spam." This signals to receiving mail servers that you take email security seriously, which in practice improves inbox placement for your legitimate mail.

Eventually you can tighten further to p=reject, which means "if SPF or DKIM fails, throw it away entirely."

Why this matters more than people think

A DMARC record set to p=quarantine or stricter sends a strong positive signal to receiving mail servers about your domain's deliverability seriousness. Domains with no DMARC or with p=none are treated as less trustworthy by default. Setting up DMARC at quarantine level is one of the highest-leverage things you can do for deliverability.

4. Sender domain age and reputation

If your domain is brand new (less than a few months old) or you have just started sending email from it, expect higher spam folder rates for the first 2-4 weeks regardless of how perfect your DNS is. Receiving mail servers track domain age and sending history. New domains are treated with suspicion because spammers churn through new domains constantly.

There is no magic fix for this. It improves on its own as you send more legitimate mail and recipients mark your messages as Not Spam.

What you can do:

• Send less volume early on. Don't blast a 5000-person newsletter from a one-week-old domain. Start small.
• Personally ask early recipients to mark your emails as Not Spam if they land there.
• Keep sending consistently. Patterns of intermittent sending look more suspicious than steady volume.

5. Subject line and body content

Once your authentication is correct and your domain has some age, content matters less than people think. But it still matters. A few things to avoid:

• ALL CAPS SUBJECT LINES
• Excessive exclamation points
• Subject lines that read like ads ("Save 50% TODAY!!!")
• Lots of images with very little text
• Single image emails with no text at all
• Shortened links (bit.ly, etc.)
• Phrases that show up in spam datasets: "FREE", "Act now", "Click here," "Limited time"

For a small business sending real correspondence to real people, this is rarely a problem. You write like a person. Your subject lines are normal. You are fine.

If you are sending transactional email (order confirmations, password resets, contact form replies), make the subject line specifically descriptive: "Your order from Acme Corp" not "Important: please read."

6. List-Unsubscribe headers

If you send any kind of bulk mail (newsletter, marketing, even high-volume transactional), the List-Unsubscribe header is now effectively required by Gmail and Yahoo's 2024 bulk sender rules. Even one-click unsubscribe is part of the requirement.

If your email service is modern (Resend, Postmark, Mailgun, SendGrid), it handles this automatically. If you are rolling your own SMTP, you need to add these headers manually:

List-Unsubscribe: <mailto:unsubscribe@yourdomain.com>, <https://yourdomain.com/unsubscribe?id=xyz>

List-Unsubscribe-Post: List-Unsubscribe=One-Click

For pure personal or small-business correspondence (one-to-one emails, support replies), these headers are not required. They are for bulk mail.

The diagnostic order

If your email is landing in spam:

1. Look up your SPF record. Fix it if missing or broken. 2. Send a test, look at the headers. Confirm DKIM is passing. 3. Look up your DMARC record. Add one at p=none if missing. 4. Wait a week and observe. If still landing in spam after fixing 1-3, look at content. 5. If your domain is new, give it time. 2-4 weeks of clean sending usually fixes it. 6. If you send bulk, confirm List-Unsubscribe headers are present.

In our experience working on email setups for clients, fixing SPF + DKIM + DMARC solves around 80% of deliverability issues immediately. Most of the rest is time and reputation, not configuration.

When to call for help

If you have fixed all six things on this checklist and your mail is still landing in spam consistently, your domain may have been previously used by a spammer, your IP block (if you run your own server) may have a bad reputation, or your specific recipients may have aggressive personal spam filters.

Tools like mail-tester.com will give you a 0-10 score for any test email you send to them. If you score above 9/10 and your mail still lands in spam at specific recipients, the problem is on their end, not yours.

If you want a second set of eyes on your setup, we are happy to take a look. Contact us at the form on this site.