Are your sent emails getting stuck in your customers’ spam filters?
If you send emails using your own domain, you may need to change some settings.
DMARC was introduced in 2015 as a way to verify that you own the domain you’re sending from. Every domain has its own DMARC record, which is used to defend the domain against spam and phishing. If you’re not using it, your email is more likely to be marked as suspicious.
This is backed up by an SPF record (nothing to do with sunscreen), which holds a record of which services are allowed to send mail on your behalf. You need to edit your domain’s SPF record to add every service that you use to send emails using your own domain, including:
- emails you send directly using a third-party service like Gmail
- receipts and order confirmations from an online store
- meeting invites from a calendar scheduling service
- email newsletters – including sign-up confirmations
- emails your CRM sends out as part of automated workflows
- asking for reviews via Trustpilot or Feefo
Even the big brands are still getting this wrong — I had emails flagged as spam from Nespresso and GWR, just while I was preparing this post. I see one every couple of days, often from big companies with IT departments that should know better. Receipts are probably the main offender when it comes to the big brands, followed by newsletters. For smaller companies, it’s often a result of things like sending emails via your Gmail account, or using a calendar booking service.
You also need to update your SPF record each time you set up or switch to a new service that uses your domain to send emails (for example, if you change your newsletter platform or shopping cart software), to keep it up to date.
It took me less than half an hour to set mine up from scratch for complexical.com, including adding in a couple of third-party services to SPF, and creating a new DMARC record.
Even though this has been around since 2015, it seems like email providers are now getting more rigorous about checking these settings, and warning users if they find a mismatch between the DMARC settings, the SPF record (where you’ve authorised emails to come from), and the actual service being used to send messages on your behalf.
I’m also increasingly finding that Gmail won’t offer me the ability to accept (or turn down) calendar invites within messages it’s deemed as spam, even after I’ve manually marked them as safe.
The UK’s National Cyber Security Centre has some good technical guidance (https://www.ncsc.gov.uk/collection/email-security-and-anti-spoofing) on editing SPF and DMARC, and you can also find plenty of practical how-to guides for updating your settings using major platforms such as CPanel. You’ll probably also have to look at the help pages for different services you use, to figure out what you need to put in there.
So if emails you send are regularly ending up in spam, it’s worth putting in a bit of time to check these settings (or ask your web developer to do it). You’ll make yourself look a lot more professional, and increase the odds of your emails being delivered properly.
And if you’re getting a lot of non-spam messages stuck in your incoming spam filter, do the sender a favour and share these tips!
