Why Emails Go to Spam and How to Fix It
You build the campaign, write the subject line, check the design on mobile, press send and watch the open rate settle at 4%. Not 24%. Four. The emails were delivered, the dashboard says so, but almost nobody opened them because the messages landed in the spam folder. The subscribers who would have clicked, bought or replied never saw the email at all.
This is the most common deliverability failure in email marketing, and it is almost always preventable. Spam filters do not flip a coin. They evaluate a stack of signals, from authentication records to engagement history to content patterns, and they make a deterministic call: inbox or junk. If you know which signals they check and you get those signals right, your campaigns reach the primary inbox consistently. If you ignore them, even a well-written email to a willing subscriber disappears.
This guide is a sender's checklist. It covers why emails go to spam, how to diagnose the problem before the next campaign, how to set up the technical foundation, what Google, Yahoo and Microsoft now require from bulk senders, how to keep a list clean, how to warm up sending volume, what content signals trigger filters, and how MailGraf handles all of it for its customers.
Why emails go to spam
Spam filters in 2026 are not keyword scanners. Gmail, Yahoo and Outlook run machine-learning models that weigh sender history, recipient behaviour and technical signals together. A message lands in spam when enough of those signals point in the wrong direction at the same time.
Missing or broken authentication. If SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail) or DMARC (Domain-based Message Authentication, Reporting and Conformance) records are absent or misconfigured, the receiving server has no way to verify that the message came from an authorised source. Since November 2025, Gmail rejects unauthenticated bulk sends outright rather than filtering them to spam. The SPF, DKIM and DMARC guide walks through the full setup.
High bounce rate. Sending to addresses that do not exist produces hard bounces, and hard bounces tell mailbox providers that the list is unmaintained. The informal industry ceiling is 5%. Cross it on a single campaign and the IP and domain reputation start sliding.
Low engagement. If subscribers stop opening and clicking, filters read it as "the audience does not want this." Over time, messages from the same sender are routed to spam automatically, even for subscribers who used to engage. Segmentation is the most direct fix: smaller, targeted sends to people who care.
No permission. Purchased, scraped or rented lists contain spam traps and contacts who never opted in. A single pristine trap hit can land you on a blocklist. Permission-based collection is the only safe foundation.
Spam-triggering content. All-caps subject lines, excessive exclamation marks, high image-to-text ratio, URL (Uniform Resource Locator) shorteners that mask the real destination, and classic trigger phrases still add points to the spam score. None of these is fatal on its own, but stacked together they tip the verdict.
High complaint rate. When recipients click "Report spam" instead of unsubscribing, the mailbox provider logs a negative signal against the sender. Google and Yahoo set the ceiling at 0.3%. On a 10,000-address campaign, 30 complaints cross the line. The sender reputation guide explains how complaint signals compound over time.
How to tell if your emails are going to spam
Many senders discover the problem only when someone on the team asks "why did nobody reply to that campaign?" By then the damage has been accumulating for weeks. Here are five ways to catch it early.
1. Watch the open rate trend. A healthy marketing campaign lands in the 15-25% open-rate range depending on the sector. If opens drop below 5% on a list that was performing normally, the emails are almost certainly being filtered. One bad campaign is a content problem. Three in a row is a deliverability problem.
2. Run a spam test before every send. mail-tester.com is a free, SpamAssassin-based tool that scores your email on a 10-point scale. The process takes two minutes: the site gives you a temporary address, you send your test email to that address, and the results page shows your spam score, which authentication checks passed, whether your IP (Internet Protocol) is on any blocklist, and which content rules fired. A score below 7 means the email needs work before it goes to the real list. At MailGraf, we recommend running this test before every bulk send.
3. Send test emails to real inboxes. Before the campaign goes out, send a copy to your own Gmail, Outlook and Yahoo accounts. Check whether it lands in the primary inbox, the Promotions tab or the spam folder. This is a rough test because your own accounts may trust your domain more than a cold recipient's account would, but it catches the worst failures instantly.
4. Use Google Postmaster Tools. Postmaster Tools is a free dashboard that shows your domain and IP reputation as Gmail sees it, the percentage of your messages that are authenticated, the spam rate Gmail is recording, and whether any of your messages are failing DMARC. If your domain reputation shows "Low" or "Bad," the problem is already serious and the next campaign will make it worse unless you act first.
5. Read the bounce report after every campaign. A professional sending platform suppresses hard-bouncing addresses automatically, but it also shows you the suppression rate. A rate that is stable at 1-2% is normal list decay. A rate that is climbing send over send means the list is decaying faster than the cleaning cadence, and a full email verification pass should be the next step.
Authenticate your domain: SPF, DKIM and DMARC
Authentication is the entry ticket. Without it, nothing else in this checklist matters because the message will be rejected before the content or engagement signals are even evaluated.
SPF is a DNS (Domain Name System) TXT (text) record that lists which servers are allowed to send email on behalf of your domain. The receiving server checks the sending IP against this list. If the IP is not there, SPF fails.
DKIM adds a cryptographic signature to the message header. The receiving server uses the public key published in your DNS to verify that the message was not altered in transit and that it genuinely came from the domain it claims. Rotate DKIM keys once a year as a standard security practice.
DMARC sits on top of SPF and DKIM and answers a policy question: "What should the receiving server do with a message that fails both checks?" The three policy levels are:
| Policy | What it does | When to use it |
|---|---|---|
p=none | Monitor only, deliver everything | Starting out, observing traffic |
p=quarantine | Send failures to spam | After SPF and DKIM are confirmed working |
p=reject | Block failures entirely | Full protection, stops spoofing |
Start at p=none, read the DMARC aggregate reports for two to four weeks, fix any legitimate sources that are failing, then move to p=quarantine and eventually p=reject. The SPF, DKIM and DMARC guide covers each step in detail, and the Return-Path configuration guide explains why the envelope sender alignment matters for SPF to pass DMARC.
Google, Yahoo and Microsoft sender requirements
2024 was a turning point. Google and Yahoo introduced mandatory requirements for bulk senders (anyone sending more than 5,000 messages a day to their domains). Microsoft followed in May 2025 with similar rules for Outlook and Hotmail. These are not recommendations. Non-compliance leads first to temporary errors, then to permanent rejection.
What is now mandatory for bulk senders (2026):
- SPF and DKIM together (one alone is not enough)
- A published DMARC record (minimum
p=none) - Spam complaint rate below 0.3% as measured by Google Postmaster Tools
- One-click unsubscribe compliant with RFC (Request for Comments) 8058, the email standard for subscription management
- Valid PTR (Pointer, the reverse DNS record) and RFC 5322 (the internet message format standard) compliance
Enforcement timeline:
| Date | What happened |
|---|---|
| February 2024 | Google and Yahoo bulk sender rules take effect |
| April 2024 | Google begins gradually rejecting non-compliant messages |
| June 2024 | Full enforcement: non-compliant emails rejected |
| May 2025 | Microsoft applies similar requirements to Outlook and Hotmail |
| November 2025 | Gmail tightens enforcement: non-compliant emails permanently rejected |
Even if you send fewer than 5,000 emails a day, SPF, DKIM and DMARC are now the baseline expectation. Providers are applying the same logic at lower volumes; the 5,000 threshold simply determines when enforcement becomes automatic rather than probabilistic.
Clean your list before and after every campaign
A clean list is the single highest-leverage action in this entire checklist. Every other signal improves when the list is accurate: bounce rate drops, engagement rate rises, complaint rate falls, and the reputation that ties them all together strengthens.
Run email verification before the first send on any dormant or imported list. Lists that have been sitting for six months or longer routinely hide 15-30% invalid addresses. One campaign against that decay is enough to trigger a reputation hit that takes weeks to repair. The email verification guide covers the full process, from syntax checks through SMTP probes to spam-trap detection.
Use double opt-in on signup forms. Double opt-in requires the subscriber to confirm the address by clicking a link in a confirmation email. It blocks typos, bots and fake signups at the point of entry. The opt-in and permission-based email guide explains the mechanics and the UK (United Kingdom) PECR (Privacy and Electronic Communications Regulations) context.
Remove unengaged subscribers on a schedule. Contacts who have not opened or clicked in six months drag engagement metrics down and increase the probability of hitting a recycled spam trap. Send a re-engagement campaign first. If there is no response, suppress the address. A smaller, active list outperforms a larger, cold one on every metric that matters.
Never buy or rent a list. Purchased lists are the fastest route to a blocklist. They contain spam traps, abandoned addresses and people who never heard of you. A single campaign to a bought list can undo months of reputation building. Under PECR, sending marketing email to individuals without prior consent is a regulatory offence, and the ICO (Information Commissioner's Office) can fine up to £500,000 for serious breaches.
Read the bounce report after every send. Hard bounces should be suppressed immediately. Soft bounces that repeat across three or four consecutive campaigns should be promoted to the suppression list. A bounce rate that stays below 2% is the target; anything above 5% on a single send is an emergency.
IP warming: how to ramp up sending volume safely
If you move to a new sending IP or a new domain, the receiving servers have no history to judge you by. Sending 20,000 emails on day one from an unknown IP looks identical, to the filter, to a spammer who just spun up a fresh server.
IP warming is the process of increasing sending volume gradually so that mailbox providers can observe consistent, positive engagement signals and build a reputation profile before you reach full volume. It is most relevant when using a dedicated IP, but the principle applies whenever sending infrastructure changes.
Recommended warming schedule:
| Days | Volume per day | Focus |
|---|---|---|
| 1-3 | 200-500 | Most engaged subscribers only (recent openers/clickers) |
| 4-7 | 500-1,000 | Monitor open rate and bounce rate closely |
| 8-14 | 1,000-3,000 | Increase only if metrics are healthy |
| 15-21 | 3,000-5,000 | Watch spam complaint rate in Google Postmaster Tools |
| 22-30 | 5,000-10,000 | Approach target volume gradually |
If bounce rate spikes, open rate drops sharply or complaints climb at any stage, pause, diagnose and fix before resuming. Pushing through a bad signal during warming causes more lasting damage than the same signal would on an established IP, because the reputation baseline is still being written.
On a shared IP (which is what most ESPs, including MailGraf, provide for standard accounts), the ESP handles reputation management across all customers on the pool. The warming requirement disappears for the individual sender, but the sending volume still needs to be consistent. Irregular patterns, such as sending nothing for two months and then blasting 50,000 in a day, look suspicious even on a warm, shared IP.
Content and design signals that trigger spam filters
Technical setup and list hygiene handle the infrastructure side. Content handles the last mile: what the filter sees when it opens the message and decides whether it looks like something the recipient asked for.
Subject line. Avoid all-caps, excessive punctuation (!!!) and classic trigger phrases. Misleading subjects (using "RE:" or "FWD:" on a message that is neither a reply nor a forward) are a direct violation of anti-spam regulations and a strong spam signal. A clear, honest subject line that matches the body content is the safest and most effective approach.
Image-to-text ratio. Emails built entirely from images trigger filters because early spammers used image-only emails to bypass text-based keyword scanning. The fix is straightforward: every email should contain enough real text that the message makes sense even if images are disabled. Add alt text to every image for both accessibility and spam-score reasons.
HTML structure. Broken HTML (HyperText Markup Language), deprecated tags, inline JavaScript and CSS (Cascading Style Sheets) hacks designed to hide text all raise the spam score. Keep the HTML clean, test rendering across clients, and include a plain-text alternative for every HTML (HyperText Markup Language) email.
Links. Avoid URL shorteners (bit.ly, tinyurl) in marketing emails. Spammers use them to mask malicious destinations, and filters treat shortened URLs as a risk signal. Link only to domains you control or trust, and make sure every link resolves correctly.
Unsubscribe vs report spam. The unsubscribe link is the pressure valve that keeps complaint rate low. If the link is buried, hard to find or requires multiple steps, frustrated subscribers reach for the spam button instead. A visible, one-click unsubscribe in the header or footer protects your reputation more than any other single content decision.
Spam folder vs Promotions tab. Gmail's Promotions tab is not the spam folder. Emails in Promotions are visible, searchable and accessible. The Promotions tab is Gmail's way of categorising commercial email, not penalising it. A campaign in Promotions still reaches the subscriber; a campaign in spam does not. Focus on staying out of spam first. Moving from Promotions to Primary is a separate, engagement-driven optimisation that matters far less than the spam/inbox divide.
How MailGraf keeps campaigns out of spam
MailGraf's approach to deliverability starts at onboarding and runs continuously through every send. The platform is built on the assumption that preventing spam-folder placement is cheaper and faster than recovering from it.
DNS setup on day one. Every new customer goes through a guided domain authentication process. SPF, DKIM and DMARC records are configured before the first campaign is sent. The Return-Path CNAME (Canonical Name) record is part of the same setup, ensuring SPF alignment and full DMARC compliance from the first send.
List verification at import. New lists are checked for invalid addresses before they are cleared for sending. Lists with an invalid rate above 5% go through a full email verification pass. This single step eliminates the most common source of early reputation damage: a legacy list full of dead addresses.
Automatic bounce suppression. Hard bounces are suppressed immediately and blocked from every future campaign. Soft bounces that persist across consecutive sends are promoted to the suppression list. The customer does not need to manage this manually, though the data is visible in every campaign report.
Complaint-rate monitoring. Spam complaint rates are tracked per customer and per campaign. If a customer approaches the 0.3% threshold, the platform flags it before the next send and recommends corrective action: list cleaning, re-engagement campaign or content review.
Pre-send spam test. Every campaign can be tested against a SpamAssassin-based scoring engine before it goes out. The test returns the score, the rules that fired and what to fix. Two minutes of testing prevents days of degraded deliverability.
CSA-certified infrastructure. MailGraf's sending infrastructure holds CSA (Certified Senders Alliance) certification, which provides IP reputation monitoring, proactive blocklist prevention and whitelisting with major European mailbox providers. The anti-spam certification guide explains how CSA works and why the certification adds a layer that individual senders cannot replicate on their own.
Frequently asked questions
Why do my emails go to spam instead of the inbox?
The most common causes are missing authentication (SPF, DKIM or DMARC not configured), a high bounce rate from sending to invalid addresses, low subscriber engagement that tells filters the audience does not want the content, and a complaint rate above 0.3%. Fixing these four signals resolves the problem for the majority of senders. The checklist above covers each one in detail.
How do I test my email spam score before sending?
Send your email to mail-tester.com. The site gives you a temporary address, you send your test email to it, and the results page returns a score out of 10 along with a breakdown of which checks passed and which failed. A score of 9 or 10 is clean. Below 7 means there are issues worth fixing before the campaign goes to the real list.
What is a good spam complaint rate?
Google and Yahoo require bulk senders to stay below 0.3%. On a 10,000-address campaign, that is 30 complaints. In practice, a well-maintained list with engaged subscribers and a visible unsubscribe link should sit below 0.1%. Anything above 0.3% on consecutive campaigns triggers throttling, then spam-folder routing, then permanent rejection.
Is the Gmail Promotions tab the same as spam?
No. The Promotions tab is a categorisation feature, not a penalty. Emails in Promotions are delivered, visible and searchable. Emails in spam are hidden and the subscriber almost never sees them. Being in Promotions reduces open rates compared to Primary, but it is a fundamentally different situation from being in spam. Focus on keeping campaigns out of spam first; optimising for Primary tab placement is a secondary concern that depends mainly on engagement signals and send frequency.
How often should I clean my email list?
Before the first send on any dormant or imported list. For active lists over 50,000 contacts, monthly. For smaller lists with real-time verification on the signup form, quarterly. After every campaign, read the bounce report and react early if suppression rates start climbing. The goal is a steady cadence, not a panic response after deliverability has already dropped.
What is IP warming and do I need it?
IP warming is the process of gradually increasing sending volume on a new IP address so that mailbox providers can build a positive reputation profile before you reach full volume. It takes two to four weeks and follows a day-by-day ramp. You need it if you are moving to a dedicated IP or switching ESPs. On a shared IP (which most MailGraf customers use), the ESP manages the pool reputation and warming is handled at the platform level.
Do spam trigger words still matter in 2026?
Individual words carry far less weight than they did a decade ago. Modern filters use machine-learning models that look at content, sender history and engagement together, not keyword lists in isolation. That said, stacking multiple triggers (all-caps subject, excessive punctuation, classic phrases like "ACT NOW" or "100% FREE") in a single email still adds enough points to tip the score. The safest approach is to write naturally and test with mail-tester before sending.
If you want MailGraf to review your authentication setup, run a deliverability audit, or verify your list before your next campaign, get in touch and we will walk through it together.
Originally published: Apr 13, 2026
Professional email marketing platform.
Don't miss out
Get the latest email marketing tips and exclusive updates.