How to prevent your emails from going to spam

As a website admin, you will likely be sending out emails to your customers or visitors for newsletters, account notifications, product updates, etc. Depending on the circumstances, you might start noticing your emails are ending up in customers’ spam/junk folders instead of their email inbox.

This issue can be caused by a few things, and I’ll go into detail for each:

  • Misconfigured DNS/absence of necessary records
  • Poor domain reputation

Misconfigured DNS/absence of necessary records

For email to work, you should make sure SPF, DKIM, and DMARC are set up. These are usually TXT records (do not use the SPF record type), but your provider might also ask for it to be a CNAME. These records exist for email providers to verify that the email server(s) sending email as your domain are allowed to send such email, and aren’t using your domain without permission.

Both SPF and DKIM are DNS records your host should be able to provide you. If they do no support SPF nor DKIM, I would recommend you move to a different email host with modern email authentication support (Such as Google Workspace or Office 365).

DMARC is a record that tells mail servers what to do with mail that does not “PASS” your SPF and DKIM records. You should use a DMARC record creator or wizard to create this, I recommend this record wizard. For the report email, you should either send it to a secondary email inbox (since each email host sends daily report emails), or use a commercial DMARC tracking service that processes and visualizes reports.

To verify correct record configuration in Gmail:

Also, see Google’s instructions.

First, send a test email to your own email inbox.

On the message, hit the ellipsis (triple dot) and click “Show original”

See if all of these pass:


If any of these fail, your setup might be incorrect.

To verify correct record configuration in Hotmail/Outlook:

First, send a test email to your own email inbox.

On the message, hit the ellipsis (triple dot) and click “view message source”
Now look for the line starting with Authentication-Results. make sure you see spf=pass, dkim=pass and dmarc=pass.

If any of these fail, your setup might be incorrect.

Poor domain reputation

Assuming SPF and DKIM succeed, the deliverability of email to your customer’s inboxes heavily depends on the reputation of your domain.

Your domain’s reputation depends on (in no particular order):

  • how spammy the emails you send “look”
  • how many users actually open your emails and are “engaged” with it (eg. spend time looking at it, clicking a link, etc). It’s bad if most users send your emails straight to trash/archive.
  • how often your emails are marked as spam/phishing by users
  • how new your domain is (eg. a domain made within the last month might be spam and thus will be in a “trial” period where its trustworthiness can be changed quickly)
  • a variety of other signals that are kept secret to prevent abuse

Generally seeing these specific metrics isn’t possible since, otherwise, spammers could game the system.

You should also set up Google postmaster tools to track your email. This dashboard will only work for DKIM authenticated mail.


Does being on Cloudflare, or using Cloudflare’s IP addresses impact how much of my emails go to spam?

No. Except for in extreme circumstances, email providers do not use the IP addresses set for your domain in determining whether or not your emails go to spam. They do, however, use the IP addresses of the server sending the email (eg. your web server or your SMTP provider), but this will never be Cloudflare’s IPs.

A spam blacklist marked my domain as spam based on the IP Address being one of Cloudflare’s, what can I do?

See above, the IP address is not taken into account when email providers determine if an email should go to spam. Even if a spam blacklist shows the CF IP as being “bad reputation”, it will not impact email deliverability.

Do MX records impact deliverability?

No. MX records only impact if your domain itself can receive email, not if email you send reaches your customers’ inboxes.

Does reverse DNS (rDNS) matter?

Not in relation to something special that Cloudflare needs to do, no. If you need to set up reverse DNS, you need to ask your email server host to set the reverse DNS for the email server’s IP address to your domain; all you need to do for Cloudflare’s DNS is create an “A” record at some subdomain (eg. pointed to that IP address which is also set to unproxied.

Everything looks right, but my emails are still going to spam!

Chances are your domain reputation is lower than you think. Maybe your emails are spammy (either in content or in frequency; most people don’t care enough about your service to want a weekly newsletter), maybe 99% of your users keep trashing them; whatever it is, you likely can’t find out why your emails are being sent to spam since they need to prevent spammers from figuring out and abusing the spam algorithms.

The only thing you can do in this situation is to make sure your emails aren’t spammy, analyze your DMARC reports to make sure no spammers are using your domain, and track how often your own mail server is sending out emails. Over time, if you have no issues, your domain reputation will slowly come back.