Why Is My Email Going to Spam?
Email lands in spam when mailbox providers do not trust the message. The single most common cause is weak authentication - a missing or soft SPF record, no DKIM signing, or no DMARC policy - followed by a blacklisted IP, poor sender reputation, and finally content problems. The causes below are ordered by how often they are the culprit, each with how to detect it and how to fix it. Start at the top and work down; most senders find the problem in the first three.
By the ShowMyIP Editorial Team
First, read the message header
Before changing anything, open a message that went to spam and view its
Authentication-Results header. It states the spf,
dkim and dmarc verdicts the receiver computed, which immediately
points you at the right cause below. You can paste a full header into our
Email Header Analyzer
to read it.
1. Missing or soft SPF (most common)
SPF (RFC 7208) lists the servers allowed to send mail for your domain. If you
have no SPF record, two conflicting records, more than 10 DNS lookups (which causes a
permerror), or you forgot to include a sending platform, receivers cannot confirm
the source is authorized.
Detect: look up the TXT record at your domain apex; you should see exactly one
v=spf1 record listing all senders.
Fix: publish a single record such as
v=spf1 include:_spf.google.com include:sendgrid.net -all, listing every legitimate
source and ending in -all once you are confident the list is complete.
2. No DKIM signing
DKIM (RFC 6376) cryptographically signs your mail so receivers can verify it was not altered and really came from your domain. DKIM also survives forwarding, which SPF does not. Missing DKIM is a frequent reason well-meaning mail looks weakly authenticated.
Detect: send a test message and check for dkim=pass in the
Authentication-Results header; confirm the selector public key exists in DNS at
selector._domainkey.yourdomain.
Fix: enable DKIM in your mail platform's admin console, publish the provided public key in DNS, and verify a test message signs and passes.
3. No DMARC, or DMARC failing alignment
DMARC (RFC 7489) ties SPF and DKIM to the visible From address. Without a DMARC record, or when SPF/DKIM technically pass but do not align with your From domain (common when a third party sends under its own domain), receivers see weak signals and are more likely to filter the mail.
Detect: look up _dmarc.yourdomain and read your aggregate (rua)
reports to see which sources fail alignment.
Fix: publish a DMARC record starting at p=none, confirm every
source aligns, then tighten policy. See our full
DMARC guide.
4. Blacklisted sending IP or domain
If your sending IP or domain is on a DNSBL such as Spamhaus, SpamCop or Barracuda, receivers will filter or reject your mail regardless of authentication. Listings usually follow a compromised account, an open relay, a volume spike, or sending to spam traps.
Detect: check your IP and domain against the major lists with our IP Blacklist Checker.
Fix: remove the root cause first, then request delisting per provider - see My IP is blacklisted for the step-by-step process.
5. Poor sender reputation
Mailbox providers score the reputation of your IP and domain from recipient behavior: opens, replies, deletes-without-reading, spam-button complaints and hitting spam traps. A new IP with no history, a sudden volume spike, or a history of complaints all depress placement even when authentication is perfect.
Detect: watch engagement metrics and any postmaster/reputation dashboards your provider offers; declining opens with rising complaints is the warning sign.
Fix: warm up new sending IPs gradually, send only to engaged recipients, honor unsubscribes immediately, and prune inactive addresses so complaints and bounces fall.
6. Content and list-hygiene problems
With authentication and reputation in order, content is the final lever. A single large image with almost no text, spammy phrasing, broken or shortened/redirecting links, no plain-text alternative, or a missing unsubscribe link all push borderline mail toward spam.
Detect: review the message as both HTML and plain text; check for a working List-Unsubscribe header and a balanced text-to-image ratio.
Fix: include a plain-text part, keep a healthy text-to-image balance, use clear links on domains that match your brand, and always provide a one-click unsubscribe.
Run a full deliverability check
The fastest way to find which cause applies to you is to run a composite check of all the signals at once. Our Domain Email Health Check inspects SPF, DKIM, DMARC, MX and blacklist status together and gives you a prioritized scorecard.
Related tools and guides
- Domain Email Health Check - one composite deliverability scorecard.
- DKIM, SPF & DMARC Lookup - check all three records at once.
- Email Header Analyzer - read the Authentication-Results from a real message.
- IP Blacklist Checker - test your sending IP against DNSBLs.
- DMARC Guide - set up and roll out DMARC safely.
- How to Check Email Deliverability - the full step-by-step workflow.
Frequently asked questions
Why does my email go to spam even though SPF passes?
SPF passing only proves the sending IP is authorized for the envelope sender; on its own it does not align with the visible From header, and it says nothing about DKIM, DMARC, your IP reputation or your content. The most common cause of this exact situation is missing DKIM or a DMARC policy that is failing alignment, so the message looks weakly authenticated to the receiver despite SPF technically passing. Set up DKIM and confirm DMARC alignment to resolve it.
How do I know which of these causes applies to me?
Start by reading the Authentication-Results header of a message that landed in spam: it shows spf, dkim and dmarc results directly. Then check whether your sending IP or domain is on a blacklist, and look at engagement signals (low opens, lots of deletes-without-reading) that drive reputation. Working top-down through the causes on this page, most senders find the problem is a missing or misaligned authentication record.
Will adding SPF, DKIM and DMARC immediately fix spam placement?
Authentication is necessary but not always sufficient. If your domain or IP already has a poor reputation from past spam complaints or a blacklisting, fixing authentication stops the problem getting worse and is the foundation for recovery, but reputation rebuilds over days to weeks of sending wanted mail that recipients open and do not mark as spam. Fix authentication first, then warm up and maintain good sending habits.
Does the content of my email affect spam placement?
Yes, but usually less than authentication and reputation. Spam-trigger phrasing, a single huge image with little text, broken or misleading links, missing a plain-text part, or no working unsubscribe link can all hurt placement. Content rarely sends well-authenticated mail from a good-reputation sender to spam on its own, but it compounds problems when other signals are already weak.
I send from Google Workspace / Microsoft 365 - why is my mail still flagged?
Using a major provider gives you good shared infrastructure, but you still must publish your own SPF (including the provider), enable DKIM signing in the admin console, and publish DMARC. Mail sent through additional third parties (marketing platforms, CRMs) under your domain also needs to be authorized and aligned, or those streams will fail DMARC even though your day-to-day mail is fine.
How this tool works: This tool runs in your browser and on our server in real time. Depending on the tool, results are computed directly from the input you provide or retrieved from live, authoritative data sources at the moment you run a lookup. We do not sell your data, and your lookups are kept private — any history shown here is stored only on your device.