Why Is My Email Going to Spam? The 2026 Technical Guide to Fixing Email Deliverability
subhendu singhYou hit send on a carefully crafted email. Your open rates are flat. Your click-through rates are worse. Your subscriber list keeps growing, but engagement is mysteriously declining. The culprit isn’t your copy — it’s email deliverability.
The numbers are stark: According to Unspam’s 2025 Email Deliverability Benchmark, only 60% of all emails reach a visible inbox. Another 36% are filtered to spam, and 4% are blocked entirely. That means 4 out of 10 emails your team spends hours creating are never seen.
This guide covers the technical root causes of poor email deliverability — and the specific, actionable fixes that move inbox placement from average to exceptional. We’ll cover subdomain strategy, authentication setup, sender reputation mechanics, HTML structure, list hygiene, and the email client signals that determine where your emails land.
What “Email Deliverability” Actually Means (vs. Email Delivery)
These two terms are often used interchangeably, but the difference matters enormously:
- Email delivery means your email was accepted by the recipient’s mail server. The server said “OK.” That’s all.
- Email deliverability determines what happens after delivery — whether the email lands in the primary inbox, the spam folder, Gmail’s Promotions tab, or gets rejected entirely.
When your email platform shows “98% delivered,” that number is misleading. Delivered doesn’t mean seen.
Modern mailbox providers — Gmail, Yahoo, Outlook, Apple Mail — use machine learning models trained on billions of emails to make inbox placement decisions. These models evaluate sender reputation, engagement history, authentication status, content patterns, and sending infrastructure. Understanding how each of these components works is the foundation of fixing deliverability.
The 8 Root Causes of Poor Email Deliverability in 2026
1. No Subdomain Strategy: You’re Sending Everything from One Domain
The most common and most preventable deliverability mistake in SaaS teams: sending transactional emails, marketing campaigns, and cold outreach from the same domain.
Here’s why this destroys your reputation:
One spam complaint from a marketing campaign gets your main domain flagged. Suddenly your password reset emails — the most critical transactional touchpoint in your product — are landing in spam. Users can’t log in. Support tickets spike. Churn follows.
This is entirely preventable with a subdomain strategy.
How to structure your email subdomains:
| Subdomain | Purpose | Risk Profile | Notes |
|---|---|---|---|
transact.yourdomain.com | Welcome flows, password resets, receipts, notifications | Lowest | Highest importance; keep pristine |
comms.yourdomain.com | Marketing campaigns, newsletters, product announcements | Medium | Isolated from transactional reputation |
notify.yourdomain.com | Product updates, changelog, non-critical alerts | Low | Predictable, consistent volume |
cold.yourdomain.com | Cold outreach, sales emails | High risk | Full isolation; never share with other sends |
Each subdomain has its own sender reputation, its own SPF/DKIM records, and its own DMARC policy. A reputation crisis in one subdomain doesn’t touch the others.
Best practice: At minimum, separate transactional and marketing into different subdomains. Full isolation (separate subdomains per sending purpose) is the gold standard used by companies with sophisticated email programs.
2. Missing or Misconfigured Email Authentication (SPF, DKIM, DMARC)
Starting February 2024, Google and Yahoo made email authentication mandatory for all bulk senders (5,000+ emails/day). Senders without proper SPF, DKIM, and DMARC configurations face automatic throttling or blocking. Fully authenticated emails are 2.7 times more likely to reach the inbox (Return Path’s 2023 Federal Delivery Report).
SPF (Sender Policy Framework)
SPF verifies which mail servers are authorized to send email for your domain. You publish it as a DNS TXT record.
How it works: When a receiving server gets an email from user@yourdomain.com, it looks up the SPF record at yourdomain.com and checks whether the sending server’s IP is listed as an authorized sender.
Common SPF mistakes:
| Mistake | Consequence |
|---|---|
| Exceeding 10 DNS lookups | SPF permerror, authentication fails entirely |
| Outdated include statements after switching ESPs | Old ESP servers still appear authorized; new ones aren’t |
Using ~all instead of -all | Soft fail (warnings only); not strong enough for strict receivers |
| Missing include for cloud platforms (AWS SES, SendGrid, Postmark) | Emails bounce or fail DMARC |
Correct implementation: Use -all (hard fail) and keep DNS lookups minimal. For multiple providers, use IP ranges or a: mechanisms instead of stacking include: statements.
DKIM (DomainKeys Identified Mail)
DKIM attaches an encrypted cryptographic signature to every outgoing email. The receiving server decrypts it using your public key published in DNS.
Why DKIM matters more than most teams realize: Without DKIM alignment, Google cannot confirm that an email claiming to be from @yourdomain.com actually originated from your infrastructure. DMARC cannot pass without DKIM passing. DKIM is the foundation.
Implementation notes: Generate 2048-bit DKIM keys for maximum security. Test thoroughly across Gmail, Outlook, and Apple Mail before deploying — these three clients have the most inconsistent DKIM handling.
DMARC (Domain-Based Message Authentication, Reporting & Conformance)
DMARC ties SPF and DKIM together and instructs receiving servers on what to do when authentication fails.
DMARC policy levels:
| Policy | What It Does | When to Use |
|---|---|---|
p=none | Monitor only; no action taken | Always start here for 2-4 weeks minimum |
p=quarantine | Failed emails sent to spam | Only after aggregate reports show 0% auth failures |
p=reject | Failed emails rejected entirely | Only after months of clean reports with p=quarantine |
The most important DMARC setting most people ignore: The rua (aggregate report email) and ruf (failure report email) tags. These send you XML reports showing which IPs are sending for your domain, which are failing authentication, and which legitimate sources need to be added to SPF/DKIM.
Recommended starting record:
v=DMARC1; p=none; rua=mailto:dmarc-reports@yourdomain.com; ruf=mailto:dmarc-reports@yourdomain.com; pct=1003. Sender Reputation: The Three Measurable Components
Your domain reputation accounts for approximately 40% of inbox placement decisions (ValiMail, 2023 Email Authentication Report). Unlike engagement metrics, which are opaque, each of these three components is directly measurable.
Bounce Rate (Maximum: 2%)
Every hard bounce — an email address that doesn’t exist or is permanently undeliverable — permanently damages your sender reputation at the IP and domain level. Gmail tracks cumulative bounce rates over time.
Why it compounds: A 2% bounce rate on 10,000 emails means 200 failed deliveries. That signals poor list hygiene, which Gmail penalizes by routing future emails to spam preemptively.
How to fix it:
- Run email verification on every list before your first send
- Use real-time validation APIs (ZeroBounce, NeverBounce, AbstractAPI) at signup to catch typos and invalid addresses immediately
- Remove hard bounces immediately and permanently — never retry them
Spam Complaint Rate (Maximum: 0.1-0.3%)
Google publishes your spam rate in Google Postmaster Tools. The threshold for automatic throttling is approximately 0.3%. Exceed it, and Gmail begins routing your emails to spam — sometimes permanently.
What triggers complaints:
- Sending to people who didn’t explicitly sign up
- Subject lines that feel misleading or clickbaity
- Emails that arrive unexpectedly (users forgot they signed up)
- Broken or hidden unsubscribe flows
The definitive fix: Double opt-in. Send a confirmation email the moment someone enters their address. They don’t receive any marketing emails until they click to confirm. Conversion rates drop slightly (typically 10-20% drop in final subscriber count). But every person on your list actively chose to be there, which means complaint rates stay near zero.
Engagement Signals (The Invisible Weight)
Open rates, click rates, reply rates, and time spent reading all feed into Gmail’s engagement model. This is the least directly measurable component — Google doesn’t publish exact weights — but Google Postmaster Tools shows “user engagement” categories that correlate with delivery quality.
The death spiral: Low engagement → Gmail assumes email is unwanted → routes to spam → fewer people see it → engagement drops further → repeat.
The fix is not a technical hack: Write emails people actually want to open. Segment your lists by engagement. Send relevant content to people who’ve shown interest. Don’t blast your entire database with the same campaign.
4. Email HTML Structure: What Actually Constitutes Good vs. Bad
According to Litmus’s 2024 Email Rendering Analytics report, 74% of emails have structural HTML problems that impact rendering or deliverability. Poor HTML structure can increase spam filter hits by 18-25% (HubSpot Email Research, 2024).
What “poor email HTML” actually means in practice:
| Problem | Why It’s Bad | Impact |
|---|---|---|
| Tables nested more than 3 levels deep | Email clients can’t parse deeply nested tables consistently | Rendering failures, broken layouts in Outlook |
CSS in <style> tags | Gmail’s Content Security Policy blocks external stylesheets | Styles don’t load, email looks broken |
| Missing alt text on images | Image-only emails are a spam hallmark; also bad for accessibility | Triggers spam filters, fails accessibility standards |
| Images over 100KB total | Large images trigger spam filters and load slowly | Lower engagement, spam flags |
| No plain-text version | Missing fallback breaks email for text-only clients | Deliverability issues, broken rendering |
Improper DOCTYPE or missing <html>/<head>/<body> | Email clients use different parsing; missing tags cause unpredictable rendering | Inconsistent display across clients |
| Inline styles mixed with class-based styles | Gmail strips class-based styles; elements lose formatting | Broken design in Gmail specifically |
What good email HTML structure looks like:
- Table-based layouts — Yes, really. Email clients (especially Outlook) still require table markup for reliable rendering. This is not 2005 web development — it’s email-specific requirements.
- Maximum 2-level table nesting — Deep nesting causes parsing failures.
- All styles inlined — No external stylesheets. Every style must be an inline
style=""attribute. - Images under 100KB total — Compress aggressively. Use WebP format where supported.
- Meaningful alt text on every image — Describe the image; this also helps with accessibility.
- Full DOCTYPE declaration —
<!DOCTYPE html>at the top. - Plain-text fallback — A text version of every email, auto-generated or written manually.
Practical recommendation: Unless your team has dedicated email development expertise, don’t write email HTML from scratch. Use professionally validated templates that have been tested across Gmail, Outlook, Apple Mail, Yahoo, and other major clients. The rendering quirks are deep and constantly changing.
5. Tracking Domains and Link Reputation: Why Your Own Domain Matters
Open tracking and click tracking are useful for measuring engagement — but if implemented incorrectly, they destroy deliverability.
The shared tracking domain problem: Most ESPs let you use their shared tracking domains (e.g., ct.sendgrid.net or ln.getdrip.com). These domains are used by thousands of senders simultaneously. If even one of those senders is sending spam, your deliverability reputation is entangled with theirs.
Best practice: Use a custom subdomain for tracking.
Configure a subdomain like track.yourdomain.com or links.yourdomain.com and point it to your ESP’s CNAME. This isolates your open/click data reputation from every other sender on your ESP’s platform.
The same-domain link advantage: Gmail’s models evaluate link reputation as part of their spam assessment. Links pointing to the same root domain as your sending subdomain are treated as first-party signals. The more links in your email point to your own domain, the more Gmail associates the email with legitimate, self-referential communication.
Rule of thumb: Aim for the majority of links in any email to point to your own domain. If 8 out of 10 links go to random third-party sites, Gmail reads it as a promotional blast. If 8 out of 10 links go to your own product, it reads as genuine product communication.
This has practical implications for how you structure emails: a receipt with 3 links to your product, 1 link to a support article on your domain, and 0 links to external ad networks will always outperform a newsletter with 10 links to affiliate content.
For unsubscribe links specifically: Don’t use redirect services with shared domains. Google specifically evaluates the speed and cleanliness of unsubscribe link resolution. Shared redirect domains with 30-day redirect chains are a recognized spam signal.
6. Domain Warmup: The Technical Process Most Teams Skip
New domain + sudden high volume = automatic spam filter trigger. Every time.
According to GlockApps data on new sender warmup, domains that send more than 500 emails/day in their first week of existence see an average 20-40% drop in inbox placement that can take 4-6 weeks to recover from.
What proper warmup looks like:
| Week | Daily Volume | Target Audience | Notes |
|---|---|---|---|
| 1 | 50-100 emails/day | Top 10% most engaged subscribers | Only people who’ve opened in the last 30 days |
| 2 | 150-200 emails/day | Top 20% engaged | Watch bounce rate closely |
| 3 | 300-500 emails/day | Top 30% engaged | Check Google Postmaster Tools daily |
| 4 | 800-1,000 emails/day | All engaged segments | Confirm reputation is building |
| 5-6 | Scale to full list | Full database | Monitor complaint rates throughout |
Services that help: Warmbox, Mailwarm, and some ESPs (Resend, Postmark) handle warmup automatically as part of their infrastructure. If your ESP doesn’t offer automatic warmup, budget for a warmup service — the alternative is weeks of poor deliverability while your domain builds reputation the hard way.
7. Double Opt-In: The One Change That Fixes Everything Downstream
If you implement only one change from this entire guide, implement double opt-in.
How it works: When someone enters their email address, they immediately receive a confirmation email with a single clickable link. Nothing else happens until they click it. Only then are they added to your active list.
Why it matters for deliverability:
- Zero spam complaints — Every subscriber explicitly confirmed their address.
- Higher engagement rates — People who took an extra step to confirm are more likely to engage.
- Cleaner data — No typos, no disposable email addresses, no spam traps.
- Better sender reputation — High engagement + low complaints = excellent inbox placement.
The tradeoff: your final subscriber list is 10-20% smaller than it would be with single opt-in. But every single person on it actually wants to be there. That quality is worth more than volume.
8. Gmail’s Intent Analysis: Why “Less Markety” Language Actually Helps Deliverability
This is the 2025 factor most technical guides still miss. Gmail’s AI models — specifically TensorFlow-based spam classifiers — don’t just scan for keywords. They analyze language patterns to assess whether an email represents genuine communication or commercial promotion.
Language patterns that hurt inbox placement:
- Subject lines with excessive urgency or sales pressure (“ACT NOW,” “Limited Time,” “Get 50% Off Today Only!!!“)
- Marketing-heavy language in the first 100 words of the body
- Generic greetings (“Dear Valued Customer”) instead of personalized names
- High link density — more than 4 links in a short email
- Subject/body mismatch (clickbait subject, then generic or disappointing body)
- HTML-heavy, image-heavy emails with minimal conversational text
Language patterns that help:
- Subject lines that accurately reflect body content
- Conversational, specific language in the opening (“Here’s what happened with your account” vs. “Important Update From Our Team”)
- Two-way email patterns — Gmail treats transactional reply-chain emails (account-created, password-reset, receipt) differently from one-way broadcast marketing
- Low-pressure CTAs that invite rather than demand (“Let me know if you have questions” vs. “Click Here Now to Buy”)
Practical implication: Your welcome email, onboarding sequence, and product notification emails should read like actual communications — personal, specific, helpful. Not like marketing broadcasts with a friendly tone. The moment Gmail categorizes an email as promotional, it routes it to the Promotions tab regardless of authentication status.
Tools to Test and Monitor Your Email Deliverability
Before you send to your full list — test. Here are the tools that give you actionable data:
MXToolbox (mxtoolbox.com)
A free, fast DNS and SMTP diagnostic tool. Enter your domain and run checks on SPF, DKIM, DMARC, and MX records simultaneously. Shows propagation status and any misconfigurations within seconds.
What to use it for: Confirm your authentication records are published correctly before your first major send or after changing ESPs. Green checkmarks across SPF, DKIM, and DMARC = ready to send.
Google Postmaster Tools (postmaster.google.com)
Free. Requires domain ownership verification via DNS TXT record. Once verified, it shows:
- Domain reputation — Bad / Poor / Medium / Good (the single most important number)
- Spam rate % — If this exceeds 0.3%, you’re in danger of throttling
- Authentication rates — What % of your emails pass SPF/DKIM/DMARC
- Delivery errors — Specific error types and volumes
What to use it for: Weekly monitoring. Check it every time you change your sending infrastructure, switch ESPs, or launch a new subdomain.
Mail-Tester (mail-tester.com)
Free. You get a unique email address, send a test email to it, then click “check your score.” You receive a /10 score along with a detailed breakdown.
What it checks: SPF pass/fail, DKIM pass/fail, DMARC alignment, SpamAssassin content score, HTML structure issues, link analysis, plain-text version presence.
What to aim for: 10/10. If you’re not at 10/10, the report tells you exactly what’s failing and how to fix it. Run this before any major send or after making changes to your email infrastructure.
GlockApps (glockapps.com)
Inbox placement testing. Send a test email to GlockApps’ seed list, and it delivers to real accounts across Gmail, Outlook, Yahoo, and other providers — then reports back exactly where each email landed (inbox, spam, or Promotions tab).
What to use it for: Before major campaigns, especially if you’re sending to 10,000+ recipients. Also useful after any deliverability problem — it tells you whether your fixes actually worked.
ZeroBounce / NeverBounce (for list verification)
Email list verification services. Run your entire subscriber list through one of these before any major send, especially if you haven’t cleaned it in 90+ days.
- ZeroBounce — ZeroBounce.net
- NeverBounce — NeverBounce.com
Both offer API integrations for real-time verification at signup, bulk list cleaning, and guaranteed accuracy rates (typically 98%+).
Email Deliverability Checklist: Technical Actions in Order of Impact
| Priority | Action | Impact | Effort |
|---|---|---|---|
| 1 | Separate sending into subdomains (transact vs. comms) | Highest | Medium |
| 2 | Implement double opt-in on all list captures | Highest | Low |
| 3 | Configure SPF, DKIM, and DMARC (p=none initially) | Highest | Medium |
| 4 | Run email list verification before first send | High | Low |
| 5 | Set up Google Postmaster Tools monitoring | High | Low |
| 6 | Implement custom tracking subdomain | High | Low |
| 7 | Follow 6-week domain warmup protocol for new domains | High | Medium |
| 8 | Remove subscribers with 90+ days of no engagement | Medium | Low |
| 9 | Use validated HTML templates (not hand-coded) | Medium | Low |
| 10 | Audit subject lines for intent-signal quality | Medium | Low |
FAQ: Common Email Deliverability Questions
Q: How do I check if my emails are going to spam? Use Google Postmaster Tools (free) to see your domain reputation, spam rate, and authentication results. Run inbox placement tests with GlockApps or MailReach to simulate what Gmail, Yahoo, and Outlook will do with your next send.
Q: How long does it take to fix email deliverability? If you’re starting from scratch with proper warmup: 6-8 weeks to full reputation. If you’re recovering from a damaged reputation: 3-6 months of disciplined sending with no spam complaints, low bounce rates, and high engagement.
Q: Does using a subdomains mean I need separate email accounts? No. Subdomains are DNS-level constructs. Your sending infrastructure (ESP, SMTP relay) handles routing. You can send from transact.yourdomain.com using the same SendGrid or Postmark account as comms.yourdomain.com — they just have separate sender reputations.
Q: Does unsubscribe have to be one click? For Gmail and Yahoo bulk sender requirements (2024+), yes: one-click unsubscribe must be present in the email header. CAN-SPAM allows 10 days to process opt-out requests, but one-click is now required for compliance with Google/Yahoo’s bulk sender guidelines.
Q: Our team doesn’t have email development expertise. What’s the minimum viable approach to email HTML quality? Use a reputable email template platform that validates HTML across all major clients. Platforms like Shootmail provide pre-built, battle-tested templates with a visual builder so your team can customize without touching code. The key is that the underlying HTML has already been validated — your team can’t introduce HTML structural errors because the templates are pre-approved.
The Bottom Line
Email deliverability is a technical infrastructure problem, not a copywriting problem. The teams consistently landing in the primary inbox share common characteristics:
- Separate subdomains for transactional and marketing sends
- Proper authentication — SPF, DKIM, and DMARC with monitoring
- Double opt-in on all list captures
- Rigorous list hygiene — verification, bounce management, engagement segmentation
- Custom tracking domains — never shared ESP tracking
- Proper domain warmup — 6-week ramp for new domains
- Validated HTML templates — clean code that passes spam filter checks
- Communication-style language — not broadcast marketing tone in transactional emails
The gap between 60% and 95% inbox placement isn’t a better subject line. It’s doing the technical foundations correctly, consistently, and systematically.
Case Study: Why a Real Vercel Email Landed in Promotions
The best way to understand how technical errors compound into poor deliverability is to look at a real example. This is a Vercel product update email that was sent to their newsletter list. Subject: “Building agents with the right stack.” Sent from ship@info.vercel.com. It contained information about CLI integrations, Chat SDK, and Sandbox startup improvements.
It landed in Gmail’s Promotions tab.
Three specific, identifiable technical problems caused this:
Problem 1: 1,800-Character Tracking Links All Pointing to One Domain
Every link in the email — without exception — pointed to tracking.inflection.io, a shared tracking subdomain. Not just that: each URL was approximately 1,800 characters long, indicating long redirect chains.
When Gmail’s spam models evaluate a send like this, they see: mass email distribution, every link to the same external tracking domain, URLs that look like multi-hop redirects. This is the behavioral fingerprint of bulk promotional senders, not genuine product communication.
What Vercel should have done:
- Use a custom tracking subdomain unique to Vercel — e.g.,
links.vercel.com - Shorten URLs. 1,800-character URLs signal redirect chains, which Gmail specifically penalizes
- Mix in links to first-party properties (vercel.com, docs.vercel.com) — the majority of links in transactional and product emails should point to your own domain
Problem 2: Email Was Clipped — Unsubscribe Link Was Not Visible
Gmail’s interface clipped the email at the bottom, hiding critical elements including the unsubscribe link. Gmail shows “View entire message” when an email exceeds its rendering complexity or size threshold.
Under Google’s 2024 bulk sender requirements, one-click unsubscribe must be present in the email header and must be immediately visible — not hidden behind a “View entire message” click. A clipped email that buries the unsubscribe mechanism is a compliance failure.
What Vercel should have done:
- Ensure
List-Unsubscribe(RFC 2369) andList-Unsubscribe-Post(RFC 8058) headers are properly set in the email’s SMTP headers — these enable one-click unsubscribe directly in Gmail’s interface even when the email body is clipped - Keep the email body under 100KB to avoid Gmail’s clipping threshold
- Audit rendering complexity before major sends — particularly HTML table depth and image weights
Problem 3: info.vercel.com Is a Generic Subdomain, Not a Dedicated Sending Domain
The sending address was ship@info.vercel.com. The info. subdomain is a catch-all used for marketing, transactional, support, and likely every other email category Vercel sends. When that subdomain’s reputation is damaged by any single email event — a volume spike, one spam complaint, a shared IP problem — every category of email from that subdomain suffers.
This is precisely why the subdomain strategy exists.
What Vercel should have done:
- Use
comms.vercel.comorupdates.vercel.comfor product newsletters — isolated with its own SPF, DKIM, and DMARC policy - Reserve
info.vercel.comfor one-way informational use only (no sending), or use it for a category with low volume and low risk - Each sending subdomain maintains its own reputation independently
The Honest Assessment
Even with all these fixes, this specific email might still land in Promotions. Gmail categorizes bulk product update newsletters as promotional regardless of technical quality — the format itself signals commercial intent to Gmail’s classifiers. That’s the nature of product update emails at scale.
But each of these three problems made the situation worse. The tracking link pattern alone likely triggered deeper spam filtering and contributed to Promotions tab routing. None of these fixes would have guaranteed primary inbox. But they would have made it significantly less likely to be filtered.
The lesson: technical correctness doesn’t guarantee inbox placement, but technical errors will guarantee you make it worse.
Have a specific deliverability problem you’re trying to solve? Describe it in the comments and we’ll give you targeted troubleshooting advice.