Common problem

Your business email keeps landing in spam

The most common cause by a distance is authentication that was never set up or was set up half way. Three DNS records decide whether a receiving system can tell your mail from someone pretending to be you.

Check your authentication first: SPF, DKIM and DMARC. Misconfigured or missing records are the most common cause of business mail being filtered, and they are also the most fixable. Send a message to a mail testing service, or open a message you sent to your own Gmail and choose Show original: it reports PASS or FAIL for each of the three in plain sight.

If all three pass and mail still lands in spam, the problem is reputation or content instead: a domain with no sending history, a shared sending address with a poor reputation, bulk mail with no unsubscribe, or content that reads like the mail everyone else is filtering.

Two things are not causes: your recipient having a strict filter, and bad luck. There is a reason, it is measurable, and it is usually one of the six below.

The likely causes, ranked by how often they turn out to be it

Roughly in order of how frequently each one is the real answer for a small business.

1. SPF, DKIM or DMARC missing or misconfigured

This is the big one, and misconfiguration is more common than absence. What each record actually does, in plain English:

  • SPF publishes the list of servers permitted to send mail for your domain. If mail arrives from a server not on the list, that is a signal something is off. The classic mistake is adding a new sending service, such as a newsletter tool or your website contact form, without adding it to the record.
  • DKIM signs each message cryptographically so the receiver can verify it really came from your domain and was not tampered with. Unlike SPF, it survives forwarding, which is why both matter.
  • DMARC tells receivers what to do when a message fails the first two, and gives you reports on who is sending mail as you. Many domains publish a DMARC record set to take no action and never read the reports, which is a wasted opportunity.

Two failure modes to know about: having two SPF records makes SPF invalid entirely, and adding a sending service without updating SPF means that service's mail fails from day one. This lives in DNS, which is why it is usually part of DNS and Cloudflare work.

2. A domain with no sending history

New domain, or an old domain that has never sent much, then suddenly sending. Receivers have nothing to judge you on, so they judge cautiously. Volume from a standing start is the classic trigger. Build up gradually with mail people actually open.

3. Shared IP reputation

On most small business mail platforms you share sending infrastructure with other customers. Usually fine, because the good providers police this. On a cheap host that also sends bulk mail for anyone who pays, you inherit their reputation. If your authentication is clean and mail still fails, ask what else is sending from where you are.

4. Sending business mail from a free consumer address

Beyond the credibility cost, sending on behalf of a consumer domain you do not control now causes genuine delivery failures under the major providers' bulk sender rules. Business mail belongs on your own domain, which is also the only way authentication can mean anything. See Google Workspace setup or a Microsoft 365 mailbox.

5. Content that reads like spam

Not a magic word list, whatever you have read. Filters look at patterns: all image and no text, link shorteners, mismatched display names and addresses, urgency language, attachments nobody asked for, and links to domains with poor reputations. The most common own goal is a message that is one big image with no real text.

6. Bulk mail without an unsubscribe, or to a list that never opted in

Bulk senders to the major providers are expected to authenticate properly, offer one click unsubscribe, honour it promptly, and keep complaints low. Buying a list breaks all of that at once. Spam complaints are the single fastest way to poison a domain, and the damage carries over to your ordinary day to day mail too.

Check these yourself, in this order

  1. Send yourself a message and read the original

    Send from your business address to a personal Gmail. Open it, choose Show original, and read the top: SPF, DKIM and DMARC each report PASS or FAIL. This is the fastest, most honest check available and it needs no tools.

  2. Run one message through a mail tester

    The free testers give you the same authentication verdict plus a content read and blocklist check in one page. Use one to confirm what step one told you.

  3. Check you have exactly one SPF record

    Not zero, not two. Two is invalid and fails, and it happens whenever a second service gets added by a second person. Every legitimate sender belongs in the single record.

  4. Confirm DKIM is switched on at your provider

    It is frequently available and simply never enabled, because it needs a DNS record added after the provider generates the key. Half configured DKIM is common.

  5. Check whether DMARC exists at all

    If you have no DMARC record, you have no policy and no visibility into who is sending as you. Start it in reporting mode and read what comes back before tightening anything.

  6. List every service that sends as you

    Mailbox provider, website contact form, invoicing tool, booking system, newsletter platform, CRM. Each one must be authorised. The forgotten sender is usually the one failing.

  7. Test to several providers, not just one

    Gmail, Outlook and a work mailbox behave differently. Failing at one provider and passing at others is a different diagnosis to failing everywhere.

  8. Check the blocklists

    Free lookups will tell you whether your domain or sending address is listed. If it is, that explains a lot, and the delisting process depends on the list.

What good looks like

  • One valid SPF record listing every sending service. Including the ones marketing added without telling anyone.
  • DKIM enabled and signing, with the key published in DNS. Enabled at the provider is only half of it. Verify a real message is actually signed.
  • A DMARC record you actually read the reports from. Start in reporting mode, see what is really sending as you, and only then move to a stricter policy.
  • Business mail on your own domain. Not a free consumer address. This is the foundation the other three stand on.
  • Bulk mail separated from day to day mail. Sending campaigns from the same address you invoice from means one bad campaign hurts your invoices.
  • A one click unsubscribe on anything bulk, honoured quickly. Expected by the major providers, and cheaper than the complaints you get without it.
  • Real text in your messages. Not one large image with no readable content behind it.
  • Records rechecked after any DNS or provider change. Migrations break authentication constantly, which is why email migration is worth planning rather than improvising.

When to bring in help

Reading the Show original header is genuinely something anyone can do, and it often ends the investigation. Bring someone in when:

  • The records look right to you and mail still fails. That usually means something subtle: a lookup limit, a subdomain policy, or a sender nobody remembers adding.
  • You do not have access to your DNS, or nobody knows where it is hosted. That is a bigger problem than the mail, and it sits with DNS management.
  • You are changing provider. Migrations are exactly where authentication breaks, and it is far cheaper to plan than to repair: see business email migration.
  • Your domain is on a blocklist and you do not know why. Delisting without fixing the cause just repeats.
  • You want DMARC tightened without accidentally rejecting your own legitimate mail. That order matters, and doing it backwards is disruptive.
  • Mail is critical to your business and you would rather it was set up once, properly, by someone who does it regularly. That is Workspace setup and IT consulting territory.

Who this is for

  • Businesses whose quotes and invoices land in customers' spam folders
  • Owners who just moved domain, host or mail provider and broke something
  • Anyone still sending business mail from a free consumer address
  • Businesses whose contact form notifications never arrive
  • Anyone who has been told to "just add SPF" and found it did not help

When this is not the right fit

  • Anyone wanting an assurance that mail will always reach the inbox. Nobody controls another company's filters, and that cannot be promised honestly.
  • Businesses sending to purchased lists. Authentication will not save that, and we will not help make it deliverable.
  • Sites where mail already authenticates cleanly and lands fine. Nothing is wrong. Leave it.

What SolvenceHQ can help with

We check the authentication first because it is the most common cause and the most fixable. Where the answer is reputation rather than records, we will say so, because that one takes patience rather than a change.

  • Audit SPF, DKIM and DMARC and explain what each is currently telling receivers
  • One valid SPF record covering every service that legitimately sends as you
  • DKIM signing switched on and verified on real mail, not just enabled in a panel
  • DMARC introduced in reporting mode first, then tightened without breaking your own mail
  • Google Workspace or Microsoft 365 mailboxes on your own domain
  • Migrations planned so authentication survives the move

Common questions

What do SPF, DKIM and DMARC actually do?

They are three records in your domain's DNS that together prove mail claiming to be from you really is from you.

SPF is a published list of the servers allowed to send mail for your domain. The receiver checks whether the sending server is on your list.

DKIM is a cryptographic signature added to each message. The receiver checks the signature against a key published in your DNS, which proves the message came from you and was not altered on the way.

DMARC ties the two together and tells receivers what to do when a message fails: nothing, quarantine it, or reject it. It also lets you receive reports on who is sending as you.

Without these, a receiving system has no way to tell your mail from someone impersonating you, and it treats it accordingly.

I set up SPF and it still goes to spam. Why?

Several common reasons. SPF alone is weaker than the three together, so DKIM and DMARC still need to be right. SPF also breaks silently when mail is forwarded, which is exactly what DKIM covers.

The classic self inflicted version is having two SPF records on the domain, which is invalid and makes the check fail outright rather than pass partially. One record only, listing every sender. And authentication is only half the picture: it proves who you are, it does not make you welcome. Reputation and content still decide the rest.

Can I send business mail from a Gmail or Yahoo address?

You can, and it will cost you. Sending business mail from a free consumer address looks unprofessional and, since the major providers tightened their bulk sender rules, sending on behalf of a consumer domain you do not control causes real delivery failures. Mail from your own domain is the fix, and it is also the only way to have SPF, DKIM and DMARC that mean anything. That is what Google Workspace or a Microsoft 365 mailbox is for.

We just moved to a new domain and everything goes to spam. Is that normal?

Yes, and it is temporary if you handle it well. A domain with no sending history is an unknown quantity, and receivers are cautious with unknowns. Warm it up: start with modest volumes of real mail to people who expect it and will open it. Do not launch a new domain with a mass send to a cold list. That is the fastest way to teach every major provider that your new domain is a problem, and reputation is much harder to rebuild than to build.

Do I need an unsubscribe link on normal business email?

Not on genuine one to one correspondence. You absolutely do on anything bulk or promotional, and the rules tightened recently: bulk senders to the major providers are expected to offer one click unsubscribe and honour it quickly, on top of authenticating properly. If you are sending the same message to a list, treat it as bulk regardless of how personal it feels.

Get a Quote

Want your email checked properly?

Tell us your domain and where the mail is landing. We will check the authentication records and tell you what is actually wrong.