A contractor here in the Fargo area lost a $40,000 job because his quote landed in the client’s spam folder. The client thought he never sent one. By the time it got sorted out, the work had gone to someone else.
He wasn’t doing anything wrong. His email just didn’t have the right credentials to prove it was legitimate.
What’s actually happening at the inbox
When your email arrives at Gmail, Outlook, or any other provider, it goes through a series of checks before the inbox. Think of it as a bouncer who doesn’t know you - they’re not checking if your message is useful, they’re checking if you look like you belong there.
Three things matter most: SPF, DKIM, and DMARC. If any of them are missing or wrong, your email gets flagged. Sometimes it lands in spam. Sometimes it gets silently rejected and never delivered at all.
SPF: who’s allowed to send as you
SPF (Sender Policy Framework) is a DNS record that lists the mail servers authorized to send email on behalf of your domain. If your email comes from a server not on that list - say, you switched from GoDaddy email to Microsoft 365 but didn’t update the record - receiving servers see it as suspicious.
This trips up a lot of small businesses when they add tools like Mailchimp, Constant Contact, or a CRM with email features. Each one needs to be listed in your SPF record.
DKIM: the digital signature nobody sees
DKIM (DomainKeys Identified Mail) adds a cryptographic signature to every outgoing email. The receiving server checks that signature to confirm the message came from you and wasn’t tampered with in transit. Without it, your emails look like they could have been forged.
A marketing firm I helped out had no idea their DKIM wasn’t configured until we ran diagnostics. Their campaign open rates were terrible - not because the content was bad, but because half their emails were getting junked before anyone saw them.
DMARC: the policy that ties it together
DMARC (Domain-based Message Authentication, Reporting, and Conformance) tells receiving servers what to do when an email fails SPF or DKIM: deliver it, quarantine it, or reject it outright. It also sends you reports so you can see who’s sending email as your domain - including scammers.
Phishing attacks impersonating local businesses are more common than most people realize. A properly configured DMARC policy stops criminals from using your domain to trick your customers. Without it, anyone can send an email that looks like it came from you.
Sender reputation: the longer game
Even with all three records in place, your sender reputation matters. This is essentially a score that inbox providers assign to your domain and IP based on engagement history - bounce rates, spam complaints, whether people open and respond to your messages.
A domain with good authentication but a history of high bounces or low engagement will still struggle. The fix is gradual: clean your contact lists, don’t send to people who never engage, and avoid subject lines or formatting patterns that trigger filters.
A newer thing worth knowing: BIMI
BIMI (Brand Indicators for Message Identification) is a newer standard that lets you display your company logo in the inbox next to your emails - in Gmail, Yahoo, and other supporting clients. It requires DMARC to be fully set up first. Beyond the brand visibility, it signals to inbox providers that you’ve done the authentication work, which has a positive effect on deliverability.
It’s not urgent, but if you’re working on your email setup anyway, it’s worth asking about.
How to check your setup right now
Go to MXToolbox, enter your domain, and look for SPF, DKIM, and DMARC. Red = problem. Green = good. If you see red anywhere, that’s likely why your emails are landing in spam.
If you’re on Microsoft 365 or Google Workspace, the configuration lives in your DNS settings. It’s not technically complicated once you know where to look. If you’d rather not touch DNS, or if you’ve tried to fix it and you’re still in the junk folder, reach out to DarkHorse IT. It’s usually a half-day fix.