Skip to main content
Version: 8.2Marketing

Analyze why the email was moved to spam

This article covers how to analyze why received emails end up in the spam or junk folder. This includes methods such as inspecting email headers, utilizing mail testing services like MailTester, and other essential techniques.

Inspect Email Headers

Email headers contain vital information about the email journey from sender to recipient. Analyzing these headers can provide insight into why an email was marked as spam. This is one of the most effective ways to understand the cause of the problem, but it requires some technical skills.

To view email headers in a received email:

Gmail

  1. Open the email.
  2. Click in the top right
  3. Select Show original.

Outlook

  1. Open the email.
  2. Click FileProperties.

Email header parameters

Look for special parameters that contain the identification in the email headers.

Fig. 1 Email headers
Fig. 1 Email headers

Received-SPF. SPF (Sender Policy Framework) helps authenticate the sender identity by verifying that the sending mail server is authorized to send emails on behalf of a specific domain.

Interpretation:

  • A valid SPF record has a "pass" status. This indicates that the email passed SPF authentication.
  • If SPF fails, it might suggest that the sending server is not authorized to send emails for the specified domain. This can trigger spam filters.

Example: Received-SPF: Pass (example.com: domain of sender@example.com designates xxx.xxx.xxx.xxx as permitted sender)

Fix:

  • Ensure that the SPF record for your domain is configured correctly.
  • Update SPF records to include the IP addresses of all legitimate mail servers that send emails on behalf of your domain.
  • Review and update SPF records regularly to accommodate changes in your email infrastructure.

Authentication-Results. This header provides an overall summary of the email authentication checks, including SPF, DKIM, and DMARC.

Interpretation:

  • A comprehensive pass across these checks enhances email legitimacy.
  • Failure in any of these checks might contribute to the email being marked as spam.

Example: Authentication-Results: spf=pass (sender IP is xxx.xxx.xxx.xxx); dkim=pass (signature verification passed)

Fix:

  • Ensure that SPF, DKIM, and DMARC records are set up for your domain correctly.
  • Ensure that DKIM signatures are generated properly and aligned with the sending domain.
  • Implement DMARC policies to define how your domain handles failed authentication.

X-Spam-Status. This header is set by the spam filter and provides a summary of the spam-checking process.

Interpretation:

  • "Yes" or "True" status indicates the email was flagged as spam.
  • Value such as "Neutral" or "No" suggest the email passed spam checks.

Example: X-Spam-Status: Yes, score=5.0 required=3.0 tests=BAYES_50,HTML_MESSAGE,SPF_PASS autolearn=unavailable

Fix:

  • Review the specific tests that contributed to the spam status.
  • Address issues identified in the X-Spam-Report to reduce the likelihood of spam classification.

X-Spam-Report. This header provides a detailed breakdown of the spam-related tests and their results.

Interpretation:

  • Check for specific tests that triggered spam flags.
  • Some tests might include information about content analysis, blacklisted elements, or suspicious patterns.

Example: X-Spam-Report: Spam detection software, running on the system, has identified this incoming email as possible spam.

Fix:

  • Analyze the spam report for specific tests that triggered spam flags.
  • Modify email content to avoid spam-like characteristics.
  • Check for blacklisted elements in the email content and remove or replace them.

X-Spam-Score. This header represents a numerical score assigned by the spam filter based on various tests and checks.

Interpretation:

  • A higher score typically indicates a higher likelihood of being marked as spam.
  • Evaluate the contributing factors to understand why the score was assigned.

Example: X-Spam-Score: 8.5

Fix:

  • Review contributing factors and adjust email content accordingly.
  • Ensure that your emails adhere to best practices and avoid commonly flagged elements.
  • Experiment with variations in content to see the impact on the spam score.

X-Spam-Flag. A simple flag that indicates whether the email was flagged as spam.

Interpretation:

  • "YES" suggests the email is considered spam.
  • "NO" indicates the email passed spam checks.

Example: X-Spam-Flag: YES

Fix:

  • Address issues identified in other headers that contribute to the spam classification.
  • Monitor and adjust email content and infrastructure regularly based on evolving spam filter algorithms.

Check SPF/DKIM Authentication

Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) are authentication methods that verify the legitimacy of an email. Misconfigurations or absence of these authentications can trigger spam filters. Use tools like MXToolbox or DMARC Analyzer to check the SPF and DKIM records for your domain.

Fig. 2 MXToolbox checkup
Fig. 2 MXToolbox checkup

Sender domain must be verified. If some of required records are missing, it the likely reason your emails ended up in spam shortly after sending out bulk emails.

The requirements for SPF/DKIM authentication for Creatio users vary by email provider. Learn more: Domain verification.

If you are not a system administrator, you can use tools like MxToolbox for checking the current status of specific DNS records.

Use Mail Testing Services

MailTester

Services like MailTester can provide insights into the health of your email setup. 3 MailTester checks are available for free daily. Learn more on the MailTester website.

Fig. 3 MailTester checkup
Fig. 3 MailTester checkup

Glockapps

GlockApps is a service that lets you check how your emails will be delivered to different email providers and whether they might be flagged as spam. It provides insights into email deliverability by simulating the email sending process. The service includes multiple plans that grant access to different functionality. Learn more on the GlockApps website.

Fig. 4 GlockApps checkup
Fig. 4 GlockApps checkup

Email deliverability can be dynamic. It is a good practice to use GlockApps or similar services to check the deliverability of your emails periodically, especially when you make changes to your email infrastructure or content.

Examine Content and Structure

Spam filters often analyze email content for spam-like characteristics. Avoid using excessive exclamation marks, all-capital letters, or misleading subject lines. Ensure your emails are well-structured and have a proper balance of text and images.

Fig. 5 Well-balanced template
Fig. 5 Well-balanced template

Eliminate broken links or suspicious attachments.

Tools like MailTester can also highlight problems with the HTML structure.

Check Common Spam Triggers

Certain words and phrases trigger spam filters. Steer clear of terms like "urgent," "free," or excessive use of special characters. Craft your emails to provide genuine value and avoid resembling typical spam.

If you could not find the reason why the email was placed in spam

Ask the postmaster or system administrator of the recipient if their mailbox has special filtering. Sometimes sending IPs need to be whitelisted by recipient mail server.

See also

Email personalization guidelines

Email web tools

Guidelines for increasing deliverability

Guidelines for improving the sender's reputation