How to avoid the spam folder — a practical checklist

Your emails are landing in spam. Not because mailbox providers hate you, but because you skipped the fundamentals. Spam filters have gotten ruthless — Gmail, Outlook, and Yahoo all tightened their rules in 2024, and they keep raising the bar. The good news: most deliverability problems come down to a short list of fixable issues.

Here are 15 things you can do right now to keep your emails out of the junk folder.

Authentication (must-have)

If you skip this section, nothing else matters. Email authentication is the baseline requirement for inbox placement. Without it, mailbox providers have no reason to trust you.

1. Set up SPF

SPF (Sender Policy Framework) tells receiving servers which IP addresses are allowed to send email on behalf of your domain. Without an SPF record, anyone can spoof your domain, and mailbox providers will treat your legitimate emails with suspicion. Add a TXT record to your DNS that lists every service authorized to send as you — your email API, your SMTP service, your marketing tool. Keep it under 10 DNS lookups or SPF will break silently.

2. Set up DKIM

DKIM adds a cryptographic signature to every email you send. The receiving server checks that signature against a public key in your DNS. If it matches, the email hasn't been tampered with in transit. If you're not signing with DKIM, you're leaving trust on the table. Every major mailbox provider weighs DKIM heavily in their filtering decisions. Check our guide on setting up DMARC, DKIM, and SPF for step-by-step instructions.

3. Set up DMARC (at least p=quarantine)

DMARC ties SPF and DKIM together and tells mailbox providers what to do when authentication fails. Start with p=none to monitor, then move to p=quarantine as soon as your reports look clean. The goal is p=reject, which tells providers to drop any email that fails authentication. If you're still running p=none in production, you're not actually protecting your domain — you're just watching. Providers like Gmail now require a DMARC policy for bulk senders, period.

4. Verify your sending domain

Don't send from a freemail address. Don't send from an unverified domain. Verify your sending domain with your email service provider so that the From header, DKIM signature, and return-path all align. Domain alignment is what DMARC checks, and misalignment is one of the fastest ways to get flagged. If you're using Sendkit's email API, domain verification takes minutes and handles alignment automatically.

List hygiene

A dirty list is a spam trap waiting to happen. Mailbox providers watch your bounce rates, complaint rates, and engagement signals. If those numbers look bad, your reputation drops and your emails go to spam — even the ones sent to engaged subscribers.

5. Validate emails at signup

Catch bad addresses before they enter your system. Typos, disposable domains, role-based addresses — they all drag down your sender reputation. Use real-time email validation at the point of signup to reject obviously invalid addresses. This single step can cut your bounce rate in half. We go deeper on this in validate email addresses before sending.

6. Remove hard bounces immediately

A hard bounce means the address doesn't exist. Sending to it again tells mailbox providers you're not maintaining your list. Remove hard bounces after the first occurrence, no exceptions. If your bounce rate exceeds 2%, Gmail and Yahoo will start throttling or blocking your mail. Your SMTP service should handle bounce processing automatically — if it doesn't, switch to one that does.

7. Prune inactive subscribers (90 days no engagement)

Subscribers who haven't opened or clicked in 90 days are dead weight. Worse, they're actively hurting you. Low engagement signals tell mailbox providers your content isn't wanted. Run a re-engagement campaign, give them 2-3 chances, then remove them. It feels counterintuitive to shrink your list, but a smaller, engaged list will outperform a bloated one every time. This directly impacts the metrics covered in how to improve email deliverability.

8. Never buy email lists

Purchased lists are full of spam traps, outdated addresses, and people who never asked to hear from you. Sending to a bought list is the fastest way to destroy your sender reputation. Spam traps are addresses operated by mailbox providers and anti-spam organizations specifically to catch senders who don't use permission-based lists. Hit one, and you're flagged immediately. There's no shortcut here — build your list organically.

Content

Your authentication is solid and your list is clean. Now make sure the actual email doesn't trigger content-based filters.

9. Include a plain-text version

Every HTML email you send should have a plain-text alternative (MIME multipart). Spam filters see HTML-only emails as a red flag because legitimate senders almost always include both versions. Most email APIs generate the plain-text version automatically, but check that yours actually does. It takes zero effort and removes one more reason for filters to downgrade your message.

10. Watch your text-to-image ratio

An email that's mostly images with little text looks like a spam attempt to filters. They can't read the text in your images, so from their perspective, you're hiding content. Keep a healthy balance — aim for at least 60% text, 40% images as a rough guideline. Never send an email that's a single image. Always include meaningful text content that describes your message.

11. Avoid spammy words in subject lines

Subject lines with "FREE!!!", "Act now", "Limited time", excessive caps, or multiple exclamation marks still trigger filters. Modern spam filters use machine learning, so they're smarter than keyword lists, but these patterns still correlate with spam and push your score in the wrong direction. Write subject lines like a normal person. Be clear about what's inside the email. If your subject line sounds like something a used-car salesman would shout, rewrite it.

12. Include your physical address (CAN-SPAM)

CAN-SPAM requires a valid physical postal address in every commercial email. It's not optional — it's federal law in the US, and similar laws exist in the EU (GDPR), Canada (CASL), and elsewhere. Beyond legal compliance, missing address information is another signal that filters use to classify spam. Add your address to your email footer and keep it there. If you're wondering why Gmail rejects your email, missing compliance elements are often part of the answer.

Sending behavior

How you send matters as much as what you send. Mailbox providers track your sending patterns and react to anomalies.

13. Make unsubscribe one-click (List-Unsubscribe header)

As of 2024, Gmail and Yahoo require a working List-Unsubscribe header with one-click unsubscribe for bulk senders. If people can't easily unsubscribe, they hit the spam button instead — and spam complaints are the single most damaging signal for your reputation. Implement both List-Unsubscribe and List-Unsubscribe-Post headers. Make the process instant. Every friction point in your unsubscribe flow translates directly into spam complaints.

14. Be consistent with sending volume

Mailbox providers build a reputation profile based on your normal sending volume. If you normally send 5,000 emails a day and suddenly blast 50,000, that spike looks like compromised infrastructure or a spammer. Keep your volume predictable. If you need to increase, do it gradually — 20-30% per day at most. Consistency builds trust with filtering systems.

15. Warm up new domains and IPs gradually

New domains and new IP addresses have no reputation. Sending at full volume from day one is a guaranteed trip to the spam folder. Start with your most engaged subscribers, send small volumes, and ramp up over 2-4 weeks. Monitor your bounce rates and complaint rates during warmup — if either spikes, slow down. Read our full guide on how to warm up a sending domain for a detailed schedule.

The bottom line

Deliverability isn't magic. It's a checklist. Authenticate your domain, keep your list clean, write content that doesn't trigger filters, and send like a reputable business. Do all 15 of these things and you'll land in the inbox far more often than you don't.

If you're building on Sendkit, most of this is handled for you — domain verification, email validation, bounce processing, and List-Unsubscribe headers all come built in. But even with good tooling, the fundamentals are your responsibility. No platform can fix a bad list or a spammy subject line.

Start at item one. Work your way down. Fix the gaps. Your deliverability will follow.