Why your emails go to spam — the real causes
The word “free” in your subject line is almost never the culprit. What actually decides the fate of your emails: domain authentication, your sender reputation, how your recipients engage, and how clean your list is. The copy comes a distant last.
What a filter looks at before your copy
All four turn green → inbox. A single one turns red, and the copy no longer has a say.
Roughly one in six legitimate marketing emails never reaches the inbox: it ends up in spam or vanishes along the way4. The instinct, faced with that figure, is to hunt for “banned” words in the subject line. It is almost always wasted effort. A modern filter checks who you are first, and only then what you wrote.
This article separates the false causes from the real ones, in their true order of impact. It lays out the rules that Gmail, Yahoo and Outlook now enforce, and ends with a plan to climb out of spam and stay out.
In brief
- “Spam words” are a myth. A word like “free” only trips the filter if your reputation is already bad.
- Four real causes: missing or misconfigured authentication, a dirty list (bounces, complaints), falling engagement, and an unsubscribe link no one can find.
- Since 2024–2025, Gmail, Yahoo and Outlook require SPF, DKIM and DMARC, plus a complaint rate below 0.3% for high-volume senders13.
- Frequency is an underrated lever: too many sends wear out the list, engagement drops, reputation follows, and spam sets in.
How a filter decides, in a few milliseconds
When your email arrives at a mailbox provider, it is scored on a series of signals before it lands anywhere. Three matter more than all the rest: do you prove your identity, what credit your history earns you, and how your recipients react.
Authentication: proving it really is you
Three settings, placed in your domain’s DNS zone, tell the mailbox provider that the email genuinely comes from you. SPF lists the servers authorized to send on your behalf. DKIM adds a cryptographic signature that guarantees the message was not altered in transit. DMARC ties the two together and tells the recipient what to do if verification fails1. Without all three correctly aligned, anyone can impersonate you, and the mailbox provider knows it, so it treats anything carrying your name with suspicion.
Reputation: your history precedes you
Every sending domain and every sending IP address carries a reputation, built over months of behavior: volumes, consistency, complaints, bounces. It stays invisible as long as everything is fine, and becomes the first place to inspect the moment your emails start missing the inbox5. A good reputation absorbs the occasional slip; a damaged one sends even a flawless message straight to spam.
Engagement: what your recipients do
This has become the central signal. If people open, read and reply, the mailbox provider infers that your mail is wanted. If they delete without opening, ignore it, or click “report as spam,” it draws the opposite conclusion, and applies it to your whole list, not just to the unhappy few6. Sending to contacts who haven’t read you in six months doesn’t just waste one campaign: it drags your reputation down for everyone.
The false causes that waste your time
Before the real causes, you have to rule out the ones that fill most of the conversation and change almost nothing.
The myth of “spam words”
“Free,” “urgent,” “limited offer”: the list has been circulating for twenty years. The reality is that a word only tips an email into spam when the reputation is already bad. Sent from a healthy domain, “free” in a subject line goes through without a hitch5. The filters of the 1990s mostly read keywords; today’s judge the sender first. Rewriting a subject line to dodge a term, while the real cause stays in place, won’t move your open rates.
A single word, an image, a link
No isolated element triggers spam on its own. An image, several links, an exclamation mark: all of it is weighed in context, cross-checked against your reputation and past engagement. The risk comes from a buildup of questionable signals on an already fragile sender, never from a single detail on a trusted one.
| What people fix on reflex | What actually matters |
|---|---|
| Removing the word “free” | Authenticating the domain (SPF, DKIM, DMARC) |
| Stripping emojis from the subject line | Cleaning the list, removing inactives |
| Cutting the number of images | Driving the complaint rate below 0.3% |
| Changing the button color | Easing off contacts who no longer read you |
Where the energy goes, and where it should go.
The real causes, in order of impact
Four causes explain almost every legitimate email that ends up in spam. Here they are, from the most structural to the most behavioral.
1. You aren’t (properly) authenticated
This is the number one cause, and the simplest to fix. Either SPF, DKIM or DMARC is missing, or they exist but aren’t aligned with the domain shown in the “From” field. For a high-volume sender, DMARC alignment is no longer optional: without it, the mailbox provider can’t tie the email to a verified owner, and treats it as suspect1.
2. Your list isn’t clean
Invalid addresses generate bounces; a high bounce rate signals a poorly maintained list. Worse, some abandoned addresses get recycled into spam traps: hitting them tells the mailbox provider you collect your contacts badly. And every “report as spam” carries weight, beyond 0.3% complaints, Gmail and Yahoo actively downgrade your sends12.
3. You send too often, or to people who no longer read you
This is the most discreet cause. As a list gets worked harder, a share of contacts disengages: they stop opening, then delete, then complain. Continuing to send to inactives keeps feeding a poor engagement signal that contaminates deliverability for the whole base6. The problem worsens when several teams send in parallel to overlapping lists: it’s always the same contacts who receive too much, and they’re the ones who tip first.
4. Unsubscribing is hidden or broken
When unsubscribing is a hassle, people take the shortcut: they report as spam. Each complaint does more damage than a clean unsubscribe. Since 2024, one-click unsubscribe has in fact been required for marketing emails at the major providers12.
| Cause | Visible symptom | Fix |
|---|---|---|
| Authentication | SPF/DKIM/DMARC failures, “via” shown | Publish and align all three records |
| Dirty list | Bounces > 2%, complaints rising | Remove invalids and inactives, validate at signup |
| Engagement / frequency | Opens falling send after send | Segment by activity, cap the frequency |
| Unsubscribe | Spam complaints > unsubscribes | One-click unsubscribe, clearly visible link |
The four real causes, their outward sign, and the move that fixes each.
The Gmail, Yahoo and Outlook rules — what changed
Since 2024, the bar is no longer implicit: the big providers publish hard numbers. Ignoring them means risking outright rejection, not just a spam-folder placement.
Authenticate SPF, DKIM and DMARC
Since February 2024, any sender to Gmail accounts must have at least SPF or DKIM. Above roughly 5,000 messages a day to Gmail, all three become mandatory, with DMARC alignment and a policy of at least p=none1. Yahoo enforces equivalent requirements2, and Outlook followed: since May 5, 2025, high-volume domains that aren’t compliant see their messages rejected or routed to junk3.
One-click unsubscribe
For marketing emails, a one-click unsubscribe mechanism is now required, on top of a clearly visible link in the body of the message1. The aim is simple: a fed-up contact should unsubscribe instead of reporting you as spam.
Stay below 0.3% complaints
The threshold is explicit: if more than 0.3% of your emails are reported as spam, Gmail and Yahoo downgrade your deliverability12. In practice, aim far lower, around 0.1%, and watch that figure in each provider’s tools (Google Postmaster Tools on the Gmail side).
“I don’t send 5,000 emails a day” is not a free pass. First, because these settings help every sender, whatever the volume. Second, because a single spike, one big one-off campaign, can be enough to get you classified as a high-volume sender for the long run1.
Two causes the technical side doesn’t cover, Sendgate handles them.
Authentication is set in your DNS. But over-sending and the wrong-audience mistake play out day to day. Sendgate puts a frequency cap per contact, profiles that have already been over-mailed are pulled before each send, and walls off lists by team, so a campaign never goes to the wrong audience. Two moves that directly protect your engagement, and therefore your reputation. All of it on top of your existing Brevo account.
Discover Sendgate →HubSpot → Brevo · Not affiliated with Brevo or HubSpot
How to climb out of spam — the plan
In order, from the most structural to the most fine-grained. Don’t skip the diagnosis: it keeps you from fixing what isn’t broken.
Diagnose
Send a test message to an analysis tool, read the headers of a received email, and open Postmaster Tools. You’ll know whether SPF, DKIM and DMARC pass, and where your complaint rate stands.
Authenticate
Publish SPF, DKIM and DMARC in your DNS, aligned with the domain in the “From” field. Start DMARC at p=none to observe before you tighten it.
Clean the list
Remove invalid addresses, hard bounces and contacts inactive for several months. A shorter but living list delivers better than a big dead one.
Make unsubscribing easy
Turn on one-click unsubscribe and make the link visible. An unsubscribe is always better than a complaint.
Ease the pressure
Segment by engagement, space out sends to contacts who no longer read you, and set a frequency cap so no one gets over-mailed.
Measure, then adjust
If the domain is new, ramp the volume up gradually. Then track opens, complaints and bounces over time: reputation repairs slowly, but it does repair.
Don’t move DMARC to p=reject without reading your reports first. A policy that’s too strict, set blindly, will also block your own legitimate sends, newsletters, invoices and notifications included.
Key takeaways
An email goes to spam first because of what you are in the mailbox provider’s eyes, not because of the words you use. The order of priorities is clear: authenticate the domain, keep a clean list, protect engagement, and make unsubscribing easy.
The Gmail, Yahoo and Outlook rules have made that foundation mandatory for high-volume senders: SPF, DKIM, DMARC, one-click unsubscribe, and under 0.3% complaints. That’s the floor, not the goal.
What’s left is the lever the technical side doesn’t solve: frequency. Too many sends, or too many sends to the wrong people, erode engagement and eventually tip everything over. That’s often where the inbox is won, or lost.
Frequently asked questions
Do “spam words” really exist?
How do I know if my emails are going to spam?
How long does it take to repair a damaged reputation?
Does a new sending domain land in spam at first?
Sources
- Google — Email sender guidelines (sender requirements, 5,000/day threshold, complaints < 0.3%). support.google.com
- Yahoo — Sender Best Practices (DMARC, one-click unsubscribe, complaint rate). senders.yahooinc.com
- Microsoft — Outlook's New Requirements for High-Volume Senders (in effect May 5, 2025). techcommunity.microsoft.com
- Validity — Email Deliverability Benchmark (inbox placement ≈ 83.5%). validity.com
- Sinch Mailgun / Mailjet — on the weight of reputation versus keywords. mailjet.com
- HubSpot — engagement as the central deliverability signal. blog.hubspot.com