If you’re reading this, you probably noticed something specific. A campaign that normally pulls a 24% open rate dropped to 11%. A customer messaged support to say they never got the receipt. Your Postmaster dashboard turned yellow overnight. Or you ran a test send to your own Gmail account and watched the message slide quietly into the Spam tab.
This isn’t a “best practices” article. This is the diagnostic playbook for the first 60 minutes — and the first four weeks — after you realize your emails are landing in spam.
Industry deliverability benchmarks from Validity and Litmus have placed average global inbox placement around 83% in recent years, meaning roughly 17% of legitimate, consented mail misses the inbox for fixable reasons. That number jumped sharply for senders who didn’t meet Gmail and Yahoo’s new bulk-sender requirements in Q1 2024. By the end of this guide, you’ll know exactly which of the six root-cause categories is hitting you, what to do about it, and how long recovery should realistically take.
This article is part of our Email deliverability guide.
Start here: the 60-minute spam diagnostic
Before you change a single thing in your email program, run this triage. It takes about an hour and tells you which category of fix you need.
1. Check Google Postmaster Tools. Look at four panels: domain reputation, IP reputation, spam rate, and authentication. Spam rate above 0.1% is a warning; above 0.3% is the line where Gmail starts actively penalizing you.
2. Check Microsoft SNDS. Your sending IPs should be green. Yellow means your filtered rate is climbing; red means you’re already at Outlook/Hotmail’s threshold for spam folder routing.
3. Run a blocklist sweep. MXToolbox or MultiRBL.valli.org will check your sending IPs and domains against 80+ blocklists in under a minute. A Spamhaus, Spamcop, or SURBL hit explains a lot.
4. Send a test to Mail-Tester.com or GlockApps. Mail-Tester scores your message 0–10 with annotated breakdowns of SPF, DKIM, DMARC, content, and infrastructure problems. GlockApps and Inbox Monster do full seed-list inbox placement tests across providers.
5. Pull your latest DMARC aggregate report. Tools like Postmark’s DMARC Digests, Dmarcian, EasyDMARC, or Valimail Monitor parse the XML. You’re looking for sources you didn’t authorize and SPF/DKIM alignment failures on your own mail.
Each result routes to a different section of this guide:
| Diagnostic signal | Likely root cause | Where to jump |
| Postmaster spam rate >0.3% | Engagement / list quality | Reason 3 |
| DMARC report shows fail/none alignment | Authentication | Reason 1 |
| Blocklist hit | Sender reputation | Reason 2 |
| Mail-Tester flags content score | Content & HTML | Reason 4 |
| Sudden inbox-placement drop | Volume/pattern shift | Reason 6 |
| Authentication fine but still in spam | Infrastructure mistakes | Reason 5 |
Senders who catch issues while spam rate is still under 0.1% typically recover in 2–4 weeks. Those who let it cross 0.5% before reacting are usually looking at 6–10 weeks of disciplined remediation. Speed of diagnosis matters more than the size of the fix.
For Sender users, why campaigns get filtered or blocked inside Sender covers the platform-specific signals that surface alongside the external diagnostics above — bounce categorization, pause triggers, and the in-platform alerts that catch problems earlier than Postmaster’s daily refresh.
How spam filters actually decide
Modern spam filters don’t work the way they did in 2010. Lexical filtering — the “trigger word” approach — still exists in corporate and university mailboxes, but at the major consumer providers it’s a minor input. Today’s filtering combines three mechanisms:
- Scoring, where the message accumulates positive and negative points from dozens of weighted rules; cross a threshold and you’re in spam.
- Fingerprinting, where the filter compares your message to a constantly updated corpus of confirmed spam; high similarity scores get you junked.
- Machine learning, where the filter reads behavioral signals (open rate, reply rate, archive rate, mark-as-spam rate) at the sender level and adjusts placement dynamically.
The four input categories driving every spam score:
- Sender reputation — your IP and domain history
- Authentication signals — SPF, DKIM, DMARC, alignment
- Content and structure — words, HTML, links, attachments, image-text balance
- Recipient engagement — opens, clicks, replies, complaints, archives
The shift you need to internalize: deliverability is now mostly behavioral, not lexical. A perfectly authenticated, content-clean message sent to a list with 8% open rates will get junked. A slightly sloppy one sent to highly engaged recipients will reach the inbox. Engagement rate is the dominant signal.
Reason 1: Your authentication is broken or missing
Authentication is the single most common technical cause of spam-folder placement, and it’s also the cheapest to fix — most of these are DNS changes that take effect in hours.
Missing or incomplete SPF, DKIM, DMARC
If your DMARC aggregate reports show dkim=fail or spf=fail on your own legitimate traffic, you’ve found the problem. Each protocol does one thing: SPF authorizes IPs to send for your domain, DKIM cryptographically signs each message so it can’t be altered in transit, DMARC ties them together with an alignment requirement to your From: domain. Skip any one and modern receivers — Gmail, Yahoo, Outlook, Apple — treat your mail as untrusted.
SPF 10-DNS-lookup overflow
A subtle and surprisingly common failure: SPF allows a maximum of 10 DNS lookups per evaluation. Chain a few include: statements through your ESP, your marketing tool, your CRM, and your help-desk integration, and you blow past the limit. SPF then returns permerror and the receiver treats it as unauthenticated. Tools like Valimail’s domain checker and MXToolbox SPF Survey will count your lookups.
DMARC misconfiguration sending your own mail to spam
The most painful authentication failure: you publish p=reject or p=quarantine without your DKIM correctly configured at every sending source. Your own legitimate mail now fails alignment and gets junked or bounced by your own policy. Fix sequence:
- Revert DMARC to
p=nonetemporarily. - Audit every sending source from your aggregate reports.
- Configure DKIM at each source.
- Verify alignment in reports for 14 days.
- Move back to
p=quarantine, thenp=reject.
From-domain / authentication-domain mismatch
DMARC requires alignment between the visible From: domain and the domain that passes SPF or DKIM. Common cause: you send through a new ESP and forget to configure your subdomain on their side, so authentication passes for the ESP’s domain but doesn’t align with yours.
# Correct: SPF, DKIM, DMARC for sending subdomain
# SPF record on news.example.com
"v=spf1 include:sendgrid.net -all"
# DKIM record on s1._domainkey.news.example.com
"v=DKIM1; k=rsa; p=MIIBIjANBgkqhki..."
# DMARC record on _dmarc.news.example.com
"v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com; pct=100"
Reason 2: Your sender reputation has dropped
Reputation is built across weeks and lost in days. The signals come from three places.
IP reputation
If you’re on a shared IP, your reputation is partly inherited from neighbors. A sudden drop you can’t trace to your own behavior often means a fellow tenant just sent a bad campaign. If you’re on a dedicated IP, your reputation is fully yours — for better and worse. Check Postmaster Tools’ IP reputation tab and Microsoft SNDS color status. Anything below “High” / green warrants investigation.
Domain reputation
Your domain reputation follows you across providers, ESPs, and IPs — which is why subdomain isolation matters. Send transactional mail from tx.example.com, marketing from news.example.com, and never the corporate domain. A reputation hit on one subdomain doesn’t contaminate the others.
Blocklist appearance
The major blocklists that affect deliverability:
| Blocklist | What it catches | Typical delisting |
| Spamhaus SBL | Manual listings — pristine spam trap hits, confirmed abuse | 24–72 hours after remediation |
| Spamhaus CSS | Automated — snowshoe spam, weak-consent senders | Days–weeks |
| Spamhaus XBL / PBL | Compromised hosts, dynamic IPs | Network-level fix required |
| Spamcop | Trap-driven | Auto-expires after 24 hr clean sending |
| SURBL / URIBL | URLs in message bodies, not sending IPs | Submit URL removal request |
| UCEPROTECT | Aggressive ranges, especially in Europe | Auto-expires; rarely worth manual delisting |
| Barracuda BRBL | Reputation-based | Submit removal form |
A Spamhaus SBL listing typically drops inbox placement at consulting mailbox providers from ~95% to under 20% within 24 hours. Spamcop is gentler but cumulative — repeated listings compound reputation damage even if each one auto-expires.
Reason 3: Your recipient engagement is killing you
The largest root-cause category at major consumer providers, and the one most senders underweight. If reputation looks fine and authentication passes but mail still routes to spam, engagement is almost always the answer.
High spam complaint rate
The 0.3% threshold from Postmaster Tools is the line where Gmail starts actively filtering you. Above 0.5% and you’re effectively rate-limited. To find the cause: filter your Postmaster data by campaign and date, identify the spike, and isolate the acquisition source or list segment that drove it.
Low open and click rates
Gmail’s behavioral filter treats sustained low open rates (sub-10% on bulk sends) as a quality signal. A campaign with high opens reaches the inbox even with marginal content; a campaign with cratering opens gets junked even with perfect authentication. Apple Mail Privacy Protection complicates this — proxy-loaded pixels inflate apparent opens — so weight clicks, replies, and downstream conversions more heavily than open rate alone.
Spam traps on your list
Four types:
- Pristine — addresses created by anti-spam organizations, never used by humans. Severe penalty.
- Recycled — once-real addresses reclaimed after 6–12 months of inactivity.
- Typo — common misspelled domains (gmial.com, yaho.com) registered by anti-abuse groups.
- Role-based — info@, support@, sales@ addresses, often converted to traps when abandoned.
Traps usually arrive through purchased lists, scraping, partner co-registration, or aging inactive subscribers crossing the recycled threshold.
High bounce rate
Above 5% indicates list-quality problems. Above 10% triggers automated suspension at most reputable ESPs. Hard bounces (permanent — invalid address) should be suppressed immediately; soft bounces (temporary — full mailbox, server issue) can be retried for a defined window then suppressed.
Graymail — legitimate but unwanted
The category most marketing programs don’t notice until it’s hurting them. Graymail is opt-in, technically legitimate mail that consistently fails to engage recipients: the weekly newsletter no one opens, the product update that 87% of subscribers archive without reading. Gmail and Outlook increasingly route graymail to Promotions or Spam regardless of permission status.
The fix is engagement segmentation with a documented sunset policy:
| Tier | Behavior | Cadence |
| Hot | Opened or clicked in last 30 days | Full cadence |
| Warm | Engagement in last 90 days | Reduced cadence |
| Cold | No engagement in 90–180 days | Re-engagement attempt only |
| Sunset | No engagement in 180+ days | Suppress after one final attempt |
Reason 4: Your content is triggering filters
Lexical filtering still matters in corporate, university, and government mailboxes, and content patterns still feed the machine-learning filters at consumer providers. The categories that hurt you most:
Spam-trigger words and phrases
The high-risk language clusters:
- Financial promises: “guaranteed income,” “double your money,” “no risk investment,” “be your own boss,” “earn $$$ from home”
- Urgency manipulation: “act now,” “limited time,” “expires today,” “while supplies last,” “don’t miss out!!!”
- Discount language overused: “100% free,” “free gift,” “no cost,” “no obligation,” “satisfaction guaranteed”
- Pharma and medical: anything resembling unsolicited drug language
- Formatting flags: ALL-CAPS subject lines, multiple exclamation marks!!!, excessive emoji 🔥🔥🔥, asterisks around words for emphasis
Filter context matters. Gmail’s modern ML filter mostly ignores isolated trigger words; corporate mailboxes still use weighted lexical rules that will junk you for one wrong phrase. Default to clear, professional language regardless.
Image-to-text ratio
Image-only emails are a classic spammer pattern — text hidden inside images so content filters can’t read it. Aim for roughly 60% text to 40% images by visible area. Always include alt attributes for accessibility and for receivers that block image loading.
Sloppy or broken HTML
Unclosed tags, inline scripts, unexpected encodings, and CSS that breaks on Outlook’s Word rendering engine all increase spam scores and damage the recipient experience. Use tested email templates and validate every message with Litmus or Email on Acid before high-volume sends.
Missing plain-text alternative
HTML-only emails are penalized by spam filters and inaccessible to screen readers. Every email should include a plain-text version — most ESPs auto-generate one, but verify it actually contains your content.
Link shorteners
bit.ly, t.co, and other shorteners are a spammer staple because they obscure destination URLs. Gmail explicitly began downgrading messages containing bit.ly links during 2023. Use your own tracked links on a custom subdomain instead.
Open URLs versus hyperlinked anchor text
A subtle but real pattern Postmark and others have documented: typed-out raw URLs in body copy (Visit https://example.com/promo) score worse than the same URL hidden behind anchor text (Visit our promo page). Spammers often type URLs out; legitimate marketers usually hyperlink. Filters have learned the pattern.
Suspicious attachments
Spammers love attachments because they’re a vector for malware and phishing. Avoid .zip, .exe, and macro-enabled documents entirely. Host downloads on your site and link to them.
Reason 5: Infrastructure and setup mistakes
This category catches senders whose authentication is fine, reputation looks healthy, and content is clean — but mail still routes to spam. The culprits:
- No-reply From addresses raise spam scores at multiple providers. Use a monitored mailbox like
team@example.comeven if you don’t actively respond to every message; “no-reply” looks like a sender who doesn’t want to be replied to, which is a phishing pattern. - Free email domains as the From address for business sending (e.g.,
business@gmail.com) — DMARC alignment is impossible because you don’t own gmail.com. Use your own domain. - Missing PTR / reverse DNS on sending IPs — required by Gmail and Yahoo as of February 2024 for bulk senders. Your sending IP must resolve back to a hostname, and that hostname must forward-resolve back to the IP (forward-confirmed reverse DNS).
- Link and image domain misalignment — if your
From:domain isnews.example.combut your images load from a free image host and your tracking links use a third-party domain, you’re attaching that domain’s reputation to your message. Host images and links under your own subdomain whenever possible. - Form abuse — unprotected signup forms get hit by spambots that inject spam-trap addresses, fake addresses, and addresses belonging to people who didn’t sign up and will mark you as spam. Add a hidden honeypot field (invisible to humans, filled by bots) and reCAPTCHA or hCaptcha to every public form.
Infrastructure checklist:
[ ] From address uses your owned domain (not @gmail.com / @yahoo.com)
[ ] Reply-to is a monitored mailbox, not no-reply@
[ ] PTR record set on every sending IP
[ ] All image URLs use your sending subdomain
[ ] All click-tracking URLs use your sending subdomain
[ ] Signup forms have honeypot field + CAPTCHA
[ ] Transactional and marketing send from separate subdomains
Reason 6: Volume and sending pattern issues
Mailbox providers treat sudden changes in sending volume as inherently suspicious — both spikes and gaps.
The patterns that trigger filters:
- Cold IP/domain warmup skipped or rushed — new sending identity going straight to 100,000 messages/day instead of ramping over 4–6 weeks.
- Sudden volume spikes — sending five times your normal daily volume in a single day, especially after a quiet period, mimics the burst patterns of compromised accounts.
- Long gaps followed by mass blasts — the “haven’t emailed in three months, now blasting Black Friday to the full list” failure mode. Your list has decayed, your reputation has gone cold, and the surge looks like a takeover.
Healthy growth curves are gradual. SendGrid and Mailgun documentation both recommend reaching steady-state volume across 4–6 weeks for new IPs, with daily volume doubling at most every 2–3 days during the ramp. If you’ve broken this pattern, drop back to engaged-only segments and re-warm at lower volume for 2–4 weeks before resuming normal cadence.
The 2024 Yahoo & Google bulk-sender requirements
Since February 1, 2024, any sender shipping more than 5,000 messages per day to Gmail or Yahoo addresses has had to satisfy a hard floor of requirements. Apple Mail and Microsoft have signaled parallel rules. If you’re hitting the spam folder and you haven’t audited compliance, audit now.
| Requirement | What it means | Consequence if missing |
SPF + DKIM aligned with From: domain | DMARC alignment, relaxed or strict | Authentication failures, inbox degradation |
| DMARC published | Minimum p=none for bulk senders | Bulk mail rejected outright |
| One-click unsubscribe headers | List-Unsubscribe + List-Unsubscribe-Post per RFC 8058 | Promotions throttled or rejected |
| Plain-text unsubscribe in body | Visible link in every marketing message | Promotions tab demotion |
| Spam complaint rate <0.3% | Postmaster userreportedspamratio over 24 hr | Throttling at 0.3%, severe above 0.5% |
| PTR / reverse DNS | Forward-confirmed reverse DNS on sending IPs | Connections refused |
| TLS transport | STARTTLS minimum; MTA-STS strongly preferred | Connection downgraded or rejected |
# Required one-click unsubscribe headers (RFC 8058)
List-Unsubscribe: <https://example.com/u/abc123>, <mailto:unsub+abc123@example.com>
List-Unsubscribe-Post: List-Unsubscribe=One-Click
Validity and Litmus tracking through 2024 showed compliant senders holding above 90% inbox placement at Gmail and Yahoo while non-compliant senders dropped below 60% in the months following enforcement.
Provider-specific quirks worth knowing
Each major mailbox provider filters slightly differently. Your fix often depends on which one is junking you.
Gmail
The strictest behavioral filter in consumer email. Engagement signals dominate scoring. Bulk-sender requirements apply at 5,000 messages/day. The Promotions tab is a halfway-house — legitimate marketing routinely lands there, which isn’t spam but reduces effective engagement. To check your Gmail standing: Google Postmaster Tools, with daily monitoring of domain reputation, IP reputation, spam rate, and authentication.
Outlook / Microsoft 365
Heavier lexical content filtering than Gmail. SmartScreen on the consumer side and enterprise SmartScreen on the Microsoft 365 side use different rule sets. Outlook is more sensitive to subject-line caps, exclamation marks, and certain word patterns. The canonical diagnostic surface is Microsoft SNDS for IP-level data and Junk Mail Reporting Program (JMRP) for complaint feedback.
Yahoo / AOL
Operationally parallel to Gmail since the joint Feb 2024 enforcement. Complaint Feedback Loop (CFL) is the primary engagement signal — register for it. Yahoo has historically been more aggressive on volume spikes than Gmail.
Apple Mail
Mail Privacy Protection (introduced 2021, expanded since) proxy-loads images for users on iOS Mail, which inflates apparent open rates across your list. Rely on clicks and downstream conversion for true engagement measurement when Apple Mail is a significant share of your audience. Apple has begun signaling adoption of the 2024 sender requirements as well.
| Provider | Filter weight | Key diagnostic | Common failure |
| Gmail | Behavioral / engagement | Postmaster Tools | Spam rate >0.3% |
| Outlook | Lexical + reputation | SNDS / JMRP | Content triggers, SmartScreen |
| Yahoo | Behavioral, volume-sensitive | Sender Hub / CFL | Volume spikes, complaints |
| Apple | Privacy-preserving | Limited public diagnostics | Inflated open metrics |
How to fix it: recovery playbook with timelines
The five-step pattern that works regardless of root cause:
- Stop sending to the suspect segment. Whichever list, campaign, or subdomain is taking the reputation hit gets paused immediately. Continuing to send during diagnosis just deepens the hole.
- Identify the cause. Run the 60-minute diagnostic above and route to the right Reason section.
- Apply the specific fix. Authentication problems are DNS edits. Reputation problems are engagement segmentation. Content problems are rewrites. Don’t change everything at once — you’ll lose visibility into what actually helped.
- Resume with engaged-only segments at warmup volumes. Day 1 of recovery sending is your most engaged 5–10% of the list, at maybe 20% of normal daily volume. Daily ramp from there.
- Monitor Postmaster, SNDS, and Sender Score daily for 4 weeks. Don’t return to full volume until all three are healthy and stable for at least 14 consecutive days.
Realistic recovery timelines by root cause:
| Root cause | Time to fix | Reputation recovery |
| Authentication misconfiguration | Hours | 1–2 weeks |
| Content triggers | Days | 2–4 weeks |
| Engagement collapse / graymail | Weeks | 4–8 weeks |
| Spamhaus SBL listing | 24–72 hr after remediation | 6–12 weeks |
| Compromised IP or domain | Weeks | 3+ months |
| Pristine spam trap hit | Days–weeks (find and suppress) | 6–12 weeks |
The single hardest thing during recovery is patience. Sender reputation is rebuilt at the speed of demonstrated good behavior — daily Postmaster checks become your routine, not a panic response.
Tools to diagnose and monitor
The tool stack that actually answers “why are my emails going to spam”:
- Reputation dashboards: Google Postmaster Tools (free), Microsoft SNDS (free), Yahoo Sender Hub, Validity Sender Score.
- Blocklist sweeps: MXToolbox, MultiRBL.valli.org, Spamhaus check, Spamcop lookup.
- Inbox placement testing: Mail-Tester (free, fast), GlockApps, Inbox Monster, Email on Acid — these send to seed accounts across providers and report inbox vs. spam placement per provider.
- DMARC aggregate parsing: Postmark DMARC Digests (free for small senders), Dmarcian, EasyDMARC, Valimail Monitor.
- Content scoring: SpamAssassin score (built into many seed-test tools), Mailtrap Spam Checker.
- Rendering and HTML validation: Litmus, Email on Acid — verify your message renders correctly across 90+ email client/device combinations.
Run Postmaster and SNDS daily, blocklist sweeps weekly, and a full seed test before every major campaign. For Sender users, Sender’s reporting that surfaces these diagnostic signals natively complements the external tools above — campaign-level bounce, complaint, and engagement metrics in a single dashboard, plus the alerts that fire before issues hit Postmaster Tools’ daily refresh.
Frequently asked questions
Gmail uses the most aggressively behavioral filter in consumer email. The usual causes: a Postmaster spam complaint rate above 0.3%, low engagement on your last several campaigns, DMARC misalignment, or non-compliance with the 2024 bulk-sender requirements. Start with Google Postmaster Tools.
Microsoft uses heavier lexical content filtering and SmartScreen pattern matching than Gmail. Word choice, link density, subject-line formatting, and IP reputation in SNDS matter more at Outlook. Run a content review and check your SNDS color status for the IPs sending to Outlook addresses.
Send a test through Mail-Tester, GlockApps, Inbox Monster, or Email on Acid. These services maintain seed inboxes across providers and report where your message landed at each one. Mail-Tester is free and fast for spot checks; the others provide deeper per-provider breakdowns.
Sometimes. A new ESP gives you fresh IP reputation, but your domain reputation follows you. If the cause is content quality, list quality, authentication, or engagement, switching providers does nothing. Diagnose first, switch only if your current ESP’s infrastructure is actually the problem (rare for reputable providers).
Authentication and DNS fixes take effect in hours; reputation recovery takes 1–2 weeks. Content and pattern issues take 2–4 weeks of clean sending. Engagement collapse or graymail accumulation takes 4–8 weeks. A Spamhaus SBL listing typically takes 6–12 weeks to fully recover from. Compromised IPs or domains can take 3+ months.
Sometimes, in corporate and university mailboxes that still use heavy lexical filtering. At Gmail and Outlook consumer, behavioral signals now dominate — isolated trigger words rarely tank a message on their own. Avoid “free!”, “guaranteed”, multiple exclamation marks, and ALL-CAPS subject lines regardless; the cost of avoiding them is zero.
Most common causes: sending transactional and marketing from the same domain or subdomain (a marketing reputation hit drags transactional with it), no-reply From address, missing authentication on the transactional stream specifically, or sending from a domain that’s never been properly warmed. Move transactional sending to a dedicated subdomain like tx.example.com with its own authentication and warmup.
The opposite. An unsubscribe is a controlled exit that protects your reputation. A spam complaint damages it. Making unsubscribing genuinely one-click easier than reporting spam reduces complaint rates substantially. The RFC 8058 one-click unsubscribe header is now required for Gmail and Yahoo bulk senders anyway — implement it properly and watch complaints drop.
Final word
Emails going to spam is a signal, not a verdict. Every cause in this guide is fixable, and most fixes are cheap and fast — DNS edits, list pruning, content rewrites, engagement segmentation. The expensive part is the waiting: mailbox providers rebuild trust at the speed of demonstrated good behavior, and that clock starts the moment you stop sending to the suspect segment, not the moment you wish it would.
If you’ve been here before, the discipline that prevents the next incident is operational: daily Postmaster and SNDS checks, monthly authentication audits, quarterly engagement segmentation reviews, and a documented sunset policy that actually runs without anyone overriding it.
The senders who never appear in their own search history for ‘why are my emails going to spam’ aren’t lucky. They’re just running the email deliverability habits that keep diagnostic articles unnecessary — daily Postmaster checks, monthly authentication audits, and engagement segmentation that actually runs.