Why your emails are going to spam (and how to find out)

It usually surfaces as an apologetic phone call. “Sorry - found your quote in my junk folder.” Then it happens again. Then a client misses an invoice, a candidate misses an interview confirmation, and “check your spam” quietly becomes part of how people deal with your business.

Spam filtering is not random and it is not personal. Providers such as Google and Microsoft score every incoming message against a set of signals, and when legitimate mail lands in junk, one or more of those signals is working against you. The good news: most of them are diagnosable, several are visible in your domain’s public records right now, and the most common ones are fixable. Here are the causes, roughly in order of likelihood for a typical UK business.

1. SPF failure - your sender is not on your list

Sender Policy Framework (SPF) is the public list of servers allowed to send email for your domain. If a legitimate service - your invoicing platform, your booking system, the CRM the marketing team signed up to last spring - is sending mail without being on the list, every message it sends starts its journey looking suspicious.

The most insidious version is the 10-lookup limit: SPF records that grow as a business adds services eventually exceed a hard technical cap, at which point the entire record fails - for every sender, including your main mail provider - without any warning to you. We find silently broken SPF records constantly. The full mechanics are in What is SPF?.

2. DKIM failure - the signature is broken or missing

DomainKeys Identified Mail (DKIM) is the cryptographic signature proving a message genuinely came from your domain and was not altered. Unsigned mail, or mail whose signature fails because a key was rotated while your DNS records were not updated, loses one of the strongest trust signals a message can carry. Like SPF breakage, DKIM failures are silent: mail keeps flowing, just increasingly into junk. See What is DKIM?.

3. Your DMARC policy - or your lack of one

Domain-based Message Authentication, Reporting and Conformance (DMARC) ties SPF and DKIM together. Its effect on spam placement cuts two ways. A missing DMARC record is itself a negative signal - since 2024, Google and Yahoo have required DMARC outright for anyone sending them 5,000+ messages a day, and they weigh it for everyone else. Meanwhile a present DMARC policy at quarantine dutifully sends your own mail to junk wherever your SPF or DKIM is failing - your own instruction, faithfully executed against you.

4. Blacklisting - your reputation has a record

Blacklists (DNS blocklists) are shared registers of IP addresses and domains associated with spam. Land on one - through a compromised mailbox sending spam, a marketing misstep, or sharing sending infrastructure with someone worse behaved - and receiving servers across the world start junking or refusing your mail wholesale. Most businesses on a blacklist have no idea; nobody sends a letter. We cover how listing and delisting work in Email blacklists: what they are and how to check yours.

5. Volume and sending patterns

Mail providers profile what normal looks like for your domain. A sudden spike - the annual newsletter to every contact you have ever met, sent in one burst from a domain that usually sends forty messages a day - looks exactly like a compromised account, and gets treated like one. Sustained sending to stale lists full of dead addresses does similar damage, because high bounce rates are a classic spam signature.

6. Engagement signals

The slowest-moving factor: providers watch what recipients do. Mail that is consistently deleted unread, never replied to, or - fatally - marked as spam by even a small number of recipients drags your domain’s reputation down for everyone you email. This one has no DNS fix; it is about sending things people want, to people who asked.

The diagnostic shortcut: your DMARC reports

Here is the part most deliverability advice misses. Causes one to three - the authentication failures, which dominate in practice - are not just fixable; they are visible, because DMARC’s daily aggregate reports show you exactly which of your sending sources are failing SPF or DKIM, from the perspective of the providers doing the filtering. A business reading its DMARC reports finds out its invoice platform broke its DKIM signature this week. A business not reading them finds out from customers, months later.

That is the diagnostic loop SealedMail runs for subscribers: reports received, interpreted, and any authentication failure affecting your legitimate mail flagged in plain English in your weekly email - before the junk-folder phone calls start. One honest boundary: nobody can guarantee inbox placement, and SealedMail does not. What monitoring does is eliminate the self-inflicted causes and tell you promptly when something breaks.

Find your cause in one pass

Causes one to four are all assessable from your domain’s public footprint right now. SealedMail’s Free Domain Health Check examines your SPF record (including the lookup limit), DKIM setup, DMARC policy, MTA-STS, TLS-RPT, BIMI and your blacklist status across the major registers - and emails you a scored certificate explaining, in plain English, what is hurting your deliverability and what to fix first. Free, no sign-up, no sales call. If your emails are going to spam, the reason is very likely on that certificate.