
How to Fix Emails Going to Spam

A practical, step-by-step guide to stop your business and transactional emails from landing in spam: configure SPF, DKIM, DMARC, reverse DNS, fix authentication failures, and verify deliverability with real tests.

Why your emails land in spam

When legitimate email goes to the spam folder, the cause is almost always one of three things: missing or broken authentication (SPF, DKIM, DMARC), poor sender reputation (bad IP, no reverse DNS, spam complaints), or content and list hygiene problems. Spam filters like Gmail, Outlook, and corporate gateways score every message; fixing authentication usually delivers the biggest, fastest improvement.

This guide walks through each layer in the order that matters. The DNS records below use generic placeholders — replace example.com with your domain and use the exact values from your mail provider. If you host business email or a sending application on Skyline Cloud, these records are generated for you in the control panel.

Step 1: Verify the problem before changing anything

Send a test message to a Gmail account, open it, and use Show original (the three-dot menu). Near the top you'll see:

SPF:   PASS with IP 203.0.113.10
DKIM:  PASS with domain example.com
DMARC: PASS

If any line reads FAIL, SOFTFAIL, or NONE, that is your culprit. Also check the message with a tool such as Google's Check MX or mail-tester.com; the latter gives a numeric score and a checklist. Do not guess; let the diagnostics tell you which record is broken.

Step 2: Publish a correct SPF record

SPF tells receivers which servers may send mail for your domain. You publish one TXT record at the root of the domain.

Type:  TXT
Host:  @
Value: v=spf1 include:_spf.alskyline.com -all

Rules that trip people up:

  • You may have only one SPF record per domain. Multiple v=spf1 records cause a permanent error (permerror); merge them into one.
  • Use include: for every service that sends on your behalf (your mail host, marketing platform, app server).
  • End with -all (hard fail) for strict enforcement, or ~all (soft fail) while testing.
  • SPF must not exceed 10 DNS lookups; too many include: statements cause a permerror.
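
The single-record and 10-lookup rules can be checked mechanically. The following is an added example, not Skyline's tooling: it walks include: and redirect= recursively and counts every mechanism that triggers a DNS query. ZONE is constructed sample data standing in for live TXT lookups, and all hostnames in it other than _spf.alskyline.com are hypothetical.

```python
# Constructed sample TXT data standing in for live DNS answers.
ZONE = {
    "example.com": ["v=spf1 include:_spf.alskyline.com include:_spf.mailer.example a mx -all"],
    "_spf.alskyline.com": ["v=spf1 ip4:203.0.113.0/24 -all"],
    "_spf.mailer.example": ["v=spf1 include:a.mailer.example include:b.mailer.example ~all"],
    "a.mailer.example": ["v=spf1 ip4:198.51.100.0/25 -all"],
    "b.mailer.example": ["v=spf1 ip4:198.51.100.128/25 -all"],
    "dup.example": ["v=spf1 a -all", "v=spf1 mx -all"],
}

# Mechanisms that cost one DNS lookup each (RFC 7208 section 4.6.4).
LOOKUP_MECHS = ("include", "a", "mx", "ptr", "exists")


def spf_records(domain, zone):
    """TXT strings at domain that are SPF policies."""
    return [t for t in zone.get(domain, []) if t.lower().split()[:1] == ["v=spf1"]]


def count_lookups(domain, zone, seen=None):
    """Return (lookups, problems) for the SPF policy published at domain."""
    seen = seen or set()
    if domain in seen:
        return 0, [f"{domain}: include loop"]
    seen = seen | {domain}
    records = spf_records(domain, zone)
    if len(records) != 1:
        return 0, [f"{domain}: {len(records)} SPF records (need exactly 1)"]
    lookups, problems = 0, []
    for term in records[0].split()[1:]:
        term = term.lstrip("+-~?").lower()
        name = term.split(":", 1)[0].split("/", 1)[0].split("=", 1)[0]
        if name in LOOKUP_MECHS or name == "redirect":
            lookups += 1
        if name in ("include", "redirect"):
            target = term.partition(":" if name == "include" else "=")[2]
            sub, sub_problems = count_lookups(target, zone, seen)
            lookups += sub
            problems += sub_problems
    return lookups, problems


def lint(domain, zone=ZONE):
    """Apply both rules: exactly one record per name, at most 10 lookups in total."""
    lookups, problems = count_lookups(domain, zone)
    if lookups > 10:
        problems.append(f"{domain}: {lookups} DNS lookups (limit 10)")
    return lookups, problems
```

Note that lookups inside an included record count against your own limit, so a vendor adding includes on their side can push your record over 10 without any change on yours.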

Step 3: Enable DKIM signing

DKIM adds a cryptographic signature to each message so receivers can confirm it wasn't altered and genuinely came from your domain. Your provider gives you a public key to publish as a TXT (or CNAME) record at a selector subdomain:

Type:  TXT
Host:  s1._domainkey
Value: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQ...

After publishing, enable signing on the mailbox or domain in your mail control panel. Confirm a DKIM: PASS in a fresh test message. The selector (s1 above) must match exactly what your server signs with.

Step 4: Add a DMARC policy

DMARC ties SPF and DKIM together, tells receivers what to do with failures, and sends you reports. Start in monitoring mode so you don't block your own mail:

Type:  TXT
Host:  _dmarc
Value: v=DMARC1; p=none; rua=mailto:dmarc@example.com; fo=1

Once reports confirm your legitimate mail passes (give it 1–2 weeks), tighten the policy:

v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com; pct=100

Then move to p=reject for full protection against spoofing. Never start at p=reject: you risk blocking your own messages before alignment is verified.

Record  Host           Purpose                  Common failure
SPF     @              Authorize sending IPs    Multiple records / >10 lookups
DKIM    s1._domainkey  Sign & verify integrity  Wrong selector / key truncated
DMARC   _dmarc         Policy + reporting       Starting at p=reject too early

Step 5: Set reverse DNS (PTR) and a real HELO name

If you send from your own server or VPS, the sending IP must have a PTR record that resolves back to a hostname, and that hostname should have a matching forward A record. Mismatched or missing reverse DNS is one of the most common reasons mail is rejected or scored as spam.

# Check the PTR for your sending IP
dig -x 203.0.113.10 +short
# Expected: mail.example.com.

# Confirm the forward record matches
dig +short A mail.example.com
# Expected: 203.0.113.10

PTR records are set by whoever controls the IP block — your hosting provider, not your DNS registrar. On a Skyline VPS or cloud server, you can request the PTR from the control panel. Make sure your mail server's HELO/EHLO greeting uses that same fully-qualified hostname, not a bare or internal name.

Step 6: Fix content and list hygiene

Authentication gets you to the inbox; content keeps you there.

  • Send to people who expect you. High bounce rates and spam complaints destroy reputation faster than anything. Remove invalid addresses and honour unsubscribe requests immediately.
  • Keep a clean text-to-image ratio. Image-only emails, lots of link shorteners, or misleading subject lines raise spam scores.
  • Add a List-Unsubscribe header for bulk mail (required by Gmail and Yahoo for large senders).
  • Warm up new IPs and domains gradually — sudden high volume from a cold IP looks like spam.
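  • Match the From address to the authenticated domain. A From: you@example.com header whose domain is not aligned with the domain that passed SPF (the envelope sender) or DKIM (the signing domain) will be penalised even when SPF and DKIM pass for some other domain.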
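
The alignment rule in the last bullet is what turns "SPF: PASS, DKIM: PASS" into "DMARC: FAIL". The following is an added example, not Skyline's tooling: it reads the Authentication-Results header of a saved message and reports whether each passing check is aligned with the From: domain. RAW is a constructed message, mailer.example and mx.receiver.example are hypothetical hosts, and org_domain is an assumption: you pass in your own organizational domain instead of deriving it from the Public Suffix List.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message: SPF and DKIM both pass, but for a vendor's domain.
RAW = """\
Authentication-Results: mx.receiver.example;
 dkim=pass header.i=@mailer.example header.s=s1;
 spf=pass smtp.mailfrom=bounce@mailer.example;
 dmarc=fail header.from=example.com
From: Billing <you@example.com>
Subject: Invoice

Body
"""

# Captures method, result and the authenticated identifier for SPF and DKIM.
AUTH_RE = re.compile(
    r"\b(spf|dkim)=(\w+)[^;]*?(?:smtp\.mailfrom|header\.[di])=([^\s;]+)", re.I)


def domain_of(value):
    """Domain part of an address or of a bare '@domain' identifier."""
    return value.rsplit("@", 1)[-1].strip("<>").lower()


def in_org(domain, org_domain):
    """True if domain is org_domain or one of its subdomains (relaxed alignment)."""
    return domain == org_domain or domain.endswith("." + org_domain)


def check_alignment(raw, org_domain):
    """Return (from_domain, [(method, result, domain, aligned)], dmarc_ok)."""
    msg = message_from_string(raw)
    from_domain = domain_of(parseaddr(msg["From"])[1])
    header = " ".join(msg.get_all("Authentication-Results", []))
    checks = []
    for method, result, ident in AUTH_RE.findall(header):
        dom = domain_of(ident)
        # A check counts for DMARC only if it passed AND its domain matches From:.
        ok = (result.lower() == "pass" and in_org(dom, org_domain)
              and in_org(from_domain, org_domain))
        checks.append((method.lower(), result.lower(), dom, ok))
    return from_domain, checks, any(c[3] for c in checks)
```

For the sample message both checks pass but neither is aligned, which is the usual result when a third-party sender signs with its own domain; the fix is to set up DKIM for your domain at that sender or a custom bounce domain under example.com.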

Step 7: Verify and monitor

After the records propagate (allow up to a few hours for DNS TTL), repeat the Gmail Show original test and aim for PASS on all three lines. Use mail-tester.com for a numeric score — aim for 9–10/10. Then keep watching your DMARC rua reports and your provider's deliverability dashboard so you catch reputation drops early.

Saudi/GCC notes

For organisations in the Kingdom, keeping mail and data in-Kingdom helps with PDPL data-residency expectations and gives you Arabic-speaking support when a deliverability issue is urgent. Hosting business email and sending infrastructure with a local provider also means PTR/rDNS and DNS changes go through one accountable team rather than several offshore vendors. For deeper guidance on application and SMTP sending, see the transactional email & SMTP cluster.

Summary

Most spam problems are fixed in three records: a single correct SPF, working DKIM signing, and a gradual DMARC policy — backed by valid reverse DNS and clean sending habits. Verify with real test messages, then monitor your reports.

Need reliable, in-Kingdom business email with these records pre-configured? Create your Skyline Cloud account and get your mail authenticated from day one.

SKYLINE Engineering

@skyline

The engineering team at SKYLINE Industrial Solutions. We publish field-tested guides drawn from real KSA and GCC deployments.
