Published on June 15, 2026 • By Kaiju Team
Spam filters are not a single gatekeeper — they are a stack of overlapping checks for authentication, list quality, content, and reputation that every mailbox provider runs before deciding inbox versus spam. If you keep asking "why are my emails going to spam," the cause is almost always one of those checks failing quietly. This guide is a practical 2026 deliverability checklist: the three authentication pillars, the bulk-sender rules Gmail and Yahoo now enforce, why a dirty list silently poisons placement, and the content and infrastructure signals filters weigh — ending with a pre-send checklist you can run before every campaign.
Authentication is the first thing a receiving server checks, and in 2026 it is non-negotiable for bulk senders. The three records work together: SPF says which servers may send for your domain, DKIM cryptographically signs the message so it can't be tampered with, and DMARC ties the two to your visible From address and tells receivers what to do when a check fails. Get one wrong and filters treat the message as unauthenticated.
| Pillar | What it does | How a failure triggers filters |
|---|---|---|
| SPF | Lists the IPs/hosts authorized to send for your domain (a DNS TXT record). | Sending from an unlisted IP fails SPF; the message looks spoofed and is filtered or rejected. |
| DKIM | Adds a cryptographic signature so receivers can verify the message wasn't altered in transit. | A missing, broken, or unrotated key fails the signature check and weakens trust. |
| DMARC | Sets policy (none/quarantine/reject) and requires SPF or DKIM to align with the From domain. | No DMARC record, or SPF/DKIM passing but not aligned, leaves you failing modern bulk-sender requirements. |
The word that trips people up is alignment. SPF and DKIM can both pass on a technicality while the authenticated domain differs from the one your recipients see in the From line. DMARC requires the visible From domain to match (in relaxed or strict mode) at least one of the two. A typical published policy looks like this:
# SPF (TXT at yourdomain.com)
v=spf1 include:_spf.yoursender.com -all
# DMARC (TXT at _dmarc.yourdomain.com)
v=DMARC1; p=quarantine; rua=mailto:dmarc@yourdomain.com; adkim=s; aspf=s
Start DMARC at p=none with a rua reporting address, read the aggregate reports until every legitimate stream passes aligned, then move to quarantine and eventually reject. For the full picture of how these records interact with placement, see our guide to email deliverability best practices.
Since early 2024, Gmail and Yahoo have enforced a shared set of expectations for anyone sending bulk mail — and in 2026 those expectations are simply the baseline. They are not exotic; they map directly onto the pillars above plus two operational rules. At a high level, bulk senders are expected to:
List-Unsubscribe header that honors the request within a couple of days, and the visible unsubscribe link should work too.The one-click requirement is a single header that lets a recipient opt out without leaving their inbox:
List-Unsubscribe: <https://yourdomain.com/unsub?id=abc123>, <mailto:unsub@yourdomain.com>
List-Unsubscribe-Post: List-Unsubscribe=One-Click
Keeping complaints low is less about clever copy and more about who you mail. The single biggest lever is not emailing people who never wanted your mail or whose addresses are stale — which is exactly where list hygiene comes in.
Deliverability teams obsess over content, but the fastest route into the spam folder is a dirty list. Every invalid address you mail produces a hard bounce, and a high bounce rate tells providers you don't know who your recipients are. Worse, recycled and pristine spam traps — addresses that exist only to catch senders with poor hygiene — can land you on a blocklist outright. None of this depends on what your email says; it's a reputation problem caused by the list itself.
The fix is to verify before you send and to clean on a schedule:
Run a one-off address through our single email validator, or push a whole file through the bulk email cleaner to strip invalids, disposables, role accounts, and likely traps before they ever cost you a complaint. KaijuVerifier runs SMTP probe verification with disposable, role, catch-all, and typo detection, and the bulk jobs API lets you submit a list, poll the job, and pull clean results programmatically. For a repeatable process, follow our step-by-step on how to clean an email list.
Once you clear authentication and list quality, filters score the message itself and how recipients react to it. Modern spam filters lean heavily on engagement — opens, replies, and "not spam" actions push you toward the inbox, while deletes-without-reading and complaints push you out. The content factors that most often backfire:
Engagement compounds: a clean, verified list of people who actually want your mail naturally produces higher opens and fewer complaints, which is the strongest positive signal you can send.
Filters also judge the plumbing behind your mail. Three infrastructure decisions matter most:
| Factor | Why it matters | Recommendation |
|---|---|---|
| Dedicated vs shared IP | A shared IP means other senders' behavior affects you; a dedicated IP isolates your reputation. | Shared is fine at low volume; move to dedicated (and warm it up) once you send consistently at scale. |
| Consistent from-domain | Reputation is built per domain; rotating From domains scatters trust and looks evasive. | Send from one stable, authenticated domain (or a dedicated subdomain for bulk). |
| rDNS / PTR record | Receivers check that your sending IP resolves back to a hostname; missing PTR is a classic spam tell. | Ensure every sending IP has a valid PTR record that matches its forward A record. |
A common pattern is to send transactional and marketing mail from separate subdomains of the same root domain, so a noisy newsletter can't drag down password-reset deliverability. Whatever you choose, keep it consistent — reputation is slow to build and quick to lose.
Run this list before every campaign. It maps to the sections above and catches the failures that account for most spam-foldering:
p=quarantine, with aggregate reports clean.List-Unsubscribe header) is present and works.Pair this checklist with ongoing sender reputation monitoring so you catch a slipping score before it turns into a placement problem.
A sudden drop usually traces to one of three things: an authentication change (a broken DKIM key or an expired SPF include), a list problem (a recent import full of invalids or a spam-trap hit), or a content/volume change (a new template, a risky link, or a sharp send-volume spike). Check authentication first, then your most recent send's bounce and complaint numbers.
Authenticate with SPF, DKIM, and DMARC; verify and clean your list before sending; include a working one-click unsubscribe; keep complaints low; and avoid spammy subject lines and image-only emails. Running the pre-send checklist above covers the common causes.
Yes. Invalid addresses cause hard bounces and spam traps can blocklist you — both damage the sender reputation that filters use to decide inbox versus spam. Verifying addresses with a tool like our bulk email cleaner removes those liabilities before they cost you placement.
Often, yes — especially for bulk senders to Gmail and Yahoo, where authentication is a hard requirement. A missing DMARC record or SPF/DKIM that passes but isn't aligned with your From domain is enough to fail modern bulk-sender rules and get filtered.
KaijuVerifier removes invalids, disposables, role accounts, and likely spam traps with SMTP-probe verification — so your reputation, not a dirty list, decides where your mail lands.
Try the bulk cleaner