Emails from My Website Going to Spam? Here's the Fix

Your contact form submits. Your newsletter sends. Your order confirmations go out. But half of them end up in spam — or nowhere. Let's fix email deliverability once and for all.

Why site emails fail

Website-generated emails get spam-filtered for three main reasons:

1. Your server isn't authorized to send email for your domain (no SPF)
2. Emails aren't cryptographically signed (no DKIM)
3. No policy tells receivers what to do on failure (no DMARC)
4. Your server uses PHP mail() which is widely distrusted

The four-step fix

Step 1: Stop using PHP mail()

PHP's built-in mail function sends directly from your server, which is almost always untrusted by Gmail/Outlook. Use SMTP through a real email service instead.

• Free/cheap options:
• Gmail SMTP (use your existing Google Workspace)
• SendGrid — 100 emails/day free
• Mailgun — 1,000 emails/month free
• Amazon SES — $0.10 per 1,000 emails
• Brevo (Sendinblue) — 300 emails/day free

Install a plugin (for WordPress: WP Mail SMTP) or configure your CMS to use SMTP.

Step 2: Add SPF record

SPF is a DNS TXT record listing which servers can send email as your domain.

`` v=spf1 include:_spf.google.com include:sendgrid.net ~all ``

Add this as a TXT record to your domain. You get one SPF record per domain — merge all your senders into it.

Step 3: Add DKIM record

DKIM cryptographically signs your emails so receivers can verify they weren't tampered with.

• Every SMTP provider gives you DKIM records to add:
• Gmail/Workspace: generate in Admin Console
• SendGrid: Settings → Sender Authentication
• Mailgun: Domain → DNS records

Add their DKIM records to your DNS as TXT records.

Step 4: Add DMARC record

DMARC tells receivers what to do if SPF/DKIM fail — report, quarantine, or reject.

Start with monitoring:

`` v=DMARC1; p=none; rua=mailto:you@yourdomain.com ``

After 2 weeks of clean reports, upgrade to quarantine:

`` v=DMARC1; p=quarantine; rua=mailto:you@yourdomain.com ``

Verify your setup

• Use these free tools:
• MXToolbox.com — checks all three records
• mail-tester.com — send a test email and get a deliverability score (aim for 9+/10)

Common mistakes

Multiple SPF records You can only have ONE SPF record per domain. Check for duplicates.

SPF exceeds 10 DNS lookups SPF has a hard limit of 10 DNS lookups. If you include too many services, it breaks.

Forgetting subdomain If emails come from mail.yourdomain.com, you need SPF/DKIM/DMARC for that subdomain too.

DKIM selector mismatch Your DNS must have DKIM for the exact selector your mail service uses.

No Reply-To on form emails Contact form emails often come From: noreply@yourdomain.com but should have Reply-To: visitor@example.com so you can reply.

How to test

1. Send a test contact form email to yourself at Gmail
2. Click the 3-dot menu → “Show original”
3. Check that SPF, DKIM, and DMARC all show PASS
4. If any fail, fix the corresponding record

When it's working

• Properly configured domains:
• Land in inbox, not spam
• Show a signed/verified badge in Gmail
• Have clean DMARC reports showing no unauthorized senders

Need help?

Email deliverability is one of those things where one wrong character in DNS can break everything. I fix this regularly — usually takes an hour end-to-end. Send me a message.