Why Your Emails Land in Spam (And How to Fix Deliverability)
Deliverability is not luck and it is not a single setting. It's a stack of signals — authentication, reputation, content, list hygiene, and engagement — that receivers weigh together. Here's how to diagnose which one is sinking you, and how to fix it.
EvilMail TeamJune 27, 202612 min read
# Why Your Emails Land in Spam (And How to Fix Deliverability)
You sent a campaign to 5,000 people. The dashboard says it delivered. Almost nobody opened it. Somewhere between "delivered" and "seen" your mail slid into the spam folder, and the frustrating part is that the receiving server will never tell you why. Spam filtering is deliberately opaque — if filters explained their reasoning, spammers would game them in an afternoon.
The good news is that inbox placement isn't magic. Filters weigh a handful of signals, and when your mail gets buried it's almost always one or two of them dragging the rest down. This is a diagnostic problem: figure out which signal is failing, fix that, and placement recovers. What follows is the full set of causes, a checklist to isolate yours, and the specific fixes for each.
First, understand what "delivered" actually means
"Delivered" means the receiving server accepted the message at the SMTP handshake. It says nothing about which folder the message landed in. A mail can be delivered and quarantined at the same time. Your sending platform reports the handshake because that's all it can see — folder placement happens inside the receiver, invisibly, after acceptance.
So the metric that matters isn't delivery rate. It's inbox placement rate, and to measure it you need seed accounts or a placement-testing tool, not your ESP's dashboard. Keep that distinction in mind as we go, because chasing a 99% delivery rate while your open rate craters is exactly the trap most senders fall into.
The five things filters actually judge
Every major filter — Gmail, Outlook, Apple, corporate gateways — evaluates roughly the same five categories. Ranked by how often each one is the real culprit:
1. Authentication — do SPF, DKIM, and DMARC pass and align? 2. Reputation — what's the track record of your sending IP and domain? 3. Engagement — do recipients open, reply, and *not* delete-without-reading? 4. List hygiene — are you hitting dead addresses and spam traps? 5. Content — does the message itself look like spam?
Most people assume it's number five and rewrite their subject line for the tenth time. It's usually one through four. Work them in order.
Cause 1: Broken or missing authentication
If your mail isn't authenticated, modern filters treat it as guilty until proven innocent. Gmail and Yahoo now *require* SPF, DKIM, and a DMARC policy for anyone sending in bulk — no authentication, no inbox, sometimes no delivery at all.
How to check
Send a message to a Gmail account, open it, click the three-dot menu, and choose "Show original." You'll see a header block:
SPF: PASS with IP 212.22.69.210
DKIM: PASS with domain example.com
DMARC: PASS
Three passes is what you want. Any FAIL or NEUTRAL is a direct hit on placement.
The fix
Publish an SPF record listing every service that sends on your behalf, ending in -all or ~all.
Enable DKIM signing on your ESP and publish the public key at the selector your provider gives you.
Publish a DMARC record at _dmarc.yourdomain.com, starting with p=none and tightening once you've confirmed everything passes.
Authentication is the highest-leverage fix on this list because it's binary and it's a prerequisite for everything else. Reputation systems key off your authenticated domain — if the domain can't be verified, there's no reputation to build.
Cause 2: A damaged sender reputation
Every IP and every domain you send from carries a reputation score, built from your sending history: complaint rates, bounce rates, spam-trap hits, and how recipients engage. Filters trust senders with a long clean history and distrust newcomers and backsliders.
The cold-IP problem
A brand-new IP or domain has no reputation, and "no reputation" reads as "suspicious." Blast 50,000 emails from a fresh IP on day one and you'll look exactly like a spammer who just bought a server. The fix is warming up: start with a few hundred sends a day to your most engaged recipients, then double roughly every few days over two to four weeks. Slow, boring, and non-negotiable.
Sudden volume spikes
Even an established sender gets throttled by a sudden 10x jump in volume. If you normally send 2,000 a day and suddenly push 40,000, filters flag the anomaly. Ramp large campaigns instead of firing them all at once.
Check your reputation
Google Postmaster Tools — the single best free source of truth for Gmail. Shows domain reputation, IP reputation, spam rate, and authentication results straight from Google. Set it up today if you haven't.
Blocklist checks — if you've been listed on Spamhaus, SpamCop, or similar, delivery collapses. Check with a multi-blocklist lookup tool. Getting delisted usually means fixing the root cause first, then requesting removal.
Cause 3: Poor list hygiene
The fastest way to wreck a good reputation is to keep mailing a dirty list. Two things hurt you here.
Hard bounces — addresses that don't exist. A high bounce rate tells receivers you don't clean your list, which correlates strongly with spammers who blast purchased data. Keep hard bounces under about 2%, and remove any address that hard-bounces immediately.
Spam traps — addresses that exist only to catch senders with bad acquisition practices. Pristine traps are addresses that were never real signups; recycled traps are abandoned real addresses a provider has repurposed. Hit enough of either and you can land on a blocklist. You can't see traps, so you avoid them by never buying lists and by removing long-inactive addresses.
The fix: sunset inactive subscribers
Counterintuitive but true — mailing people who never open you *lowers* your placement for everyone else, because low engagement is itself a negative signal. Set a sunset policy: if someone hasn't opened anything in, say, six months, move them to a re-engagement sequence, and if that fails, stop mailing them. A smaller engaged list beats a large dead one every time.
Modern filters, Gmail especially, lean heavily on how recipients *behave*. Opens, replies, marking-as-important, and moving a message *out* of spam all help. Deleting without opening, ignoring, and — worst of all — clicking "report spam" hurt, and the damage is domain-wide, not per-campaign.
What tanks engagement
Emailing people who never asked. Purchased and scraped lists produce complaints at rates that torch reputation.
Boring, irrelevant, or too-frequent mail. If your content doesn't earn opens, filters notice the silence.
Burying the unsubscribe link. People who can't find unsubscribe hit "report spam" instead, which is far more damaging than a clean unsubscribe.
The fix
Make unsubscribe obvious and one-click — Gmail and Yahoo now require a List-Unsubscribe header for bulk senders anyway. Segment so people get mail relevant to them. Prune the dead weight (see list hygiene). And genuinely send things worth opening; there's no header that substitutes for that.
Cause 5: Content that trips filters
Content is last because it's usually least of your problems — but it can still sink an otherwise clean sender.
Spam-trigger phrasing. "FREE!!!", "ACT NOW", "100% guaranteed," all-caps subject lines, and rows of exclamation marks still register. You don't need to write like a robot; just don't write like a 2004 infomercial.
Image-only emails. A message that's one big image with no text reads as an attempt to hide content from filters. Keep a real text-to-image balance.
Broken or missing plain-text part. Every HTML email should carry a plain-text alternative. Missing it is a small negative signal and a bad experience on clients that prefer text.
Sketchy links. URL shorteners, mismatched link text, and links to domains with bad reputations all hurt. Link to your own authenticated domain where you can.
Bad HTML. Bloated, malformed markup — often from copy-pasting out of Word — correlates with spam. Use clean, tested email HTML.
A diagnostic checklist
When mail starts landing in spam, work this list top to bottom instead of guessing:
1. Send a test to Gmail, "Show original," confirm SPF, DKIM, DMARC all pass. Fix authentication first if not. 2. Check Google Postmaster Tools for domain/IP reputation and spam rate. 3. Run your sending IP and domain against blocklists (Spamhaus and friends). 4. Review bounce and complaint rates in your ESP. Anything above the warning thresholds above is a fire. 5. Look at open rates by segment — is one source or one list dragging the average down? 6. Confirm a working one-click unsubscribe and List-Unsubscribe header. 7. Run the message through a content/spam scorer and check the text-to-image ratio and plain-text part. 8. Ask: did volume spike recently, or are you sending from a cold IP? If so, warm up.
Tools worth keeping bookmarked
Google Postmaster Tools — free, authoritative Gmail reputation data. Non-optional.
Mail-Tester — send one email, get a 0–10 score with authentication, content, and blocklist checks. The fastest single sanity check.
MXToolbox — DNS, blocklist, and header analysis in one place.
A DMARC report parser — turns the daily XML reports into a readable view of who's sending as you and whether they pass.
Seed-list / placement tools — measure actual inbox-vs-spam placement across providers, the number your ESP can't show you.
The mindset that keeps you out of spam
Deliverability isn't a one-time setup; it's a reputation you maintain. The senders who consistently reach the inbox do three boring things: they authenticate properly, they mail people who want to hear from them, and they remove people who don't. Everything in this guide is downstream of those three habits.
One practical habit worth adopting on the *receiving* side too: when you're signing up for a service you don't fully trust — the kind that will sell your address and bury you in mail — use a disposable inbox like EvilMail instead of your real one. It keeps the junk off your primary address and, by extension, keeps your own engagement signals clean where they matter. Protect the inbox you actually read, and treat the addresses you hand to strangers as expendable.
Fix authentication, watch your reputation, respect your list, and content mostly takes care of itself. Do the opposite and no clever subject line will save you.