When sending cold emails, making past spam filters and landing in the inbox can be a real challenge.
In this blog post, we’ll share how spam filters work and talk about the different types of spam filters you need to know about.
Additionally, we’ll go over six strategies you can use to ensure your legitimate emails don’t end up in the spam folder.
How do spam filters work?
The purpose of spam filters is to identify potentially dangerous emails and prevent them from landing in the recipient's inbox. They help prevent users from both scams and attacks, as well as harmless unwanted messages.
Spam filters use predefined rules to determine whether a message is spam or not. These rules are embedded in the email filtering algorithms of every email server.
The algorithms screen incoming emails on several levels and define a threshold spam score that an email should not exceed in order to get a pass into the recipient's inbox.
If your email exceeds the threshold upon analysis, it’s sent to the spam box.
However, spam filters do not all operate in the same way, and there are no standard rules on which all spam filters operate. Nevertheless, there are specific email components that spam filters look at. These include:
- Campaign metadata – Addressing your email to the recipient's email address instead of their name can trigger spam filters. (e.g., saying “Hey boris@hunter.io” instead of “Hey Boris.”)
- Email authentication – Spam filters will flag your email as spam if they fail to confirm that you’re who you claim to be. Also, your emails will trigger spam filters if receiving servers fail to verify that you own the domain through which you’re sending your emails or that the domain owner allows the emails to be sent.
- Sender’s IP address – Your emails will get flagged as spam if emails sent using the same IP address have been flagged as spam in the past. This is why it’s crucial to use a reputable email service provider.
- The email content and its format – Emails are meant to be simple, clear, and friendly. Aggressive spam filters will flag emails as spam if they're not designed well or use images or visuals inconsistent with the audience.
Keep in mind that an email could pass through some servers but fail other servers’ checks.
Types of spam filters
Different types of spam filters exist, with each having its own mechanism for preventing unwanted emails from landing in a recipient’s inbox.
Content filters
Content filters sift through your email content for anything suspicious such as explicit material, deals that require credentials or clicking on a link, language of a sexual nature, and anything else that might get users to click on malicious links or fall for phishing.
These filters analyze the text inside your emails by looking for spam words (e.g., act now, 100% guarantee, limited time, etc.) and use that information to determine whether or not your emails belong to the spam folder.
Blacklist filters
Blacklist filters block emails sent by senders who have been listed as spammers by a specific company or email service provider.
So, as you send your emails, blacklist filters check your domain name or IP address to see whether it’s labeled as a spammer and listed on a spam list. Emails listed on a spam list are directly sent into the spam folder.
Header filters
Header filters assess your email’s header information to determine if the email is coming from a legitimate source. It analyzes information such as the sender’s IP address to see if the email address is genuine or forged.
Bayesian filters
Bayesian filters primarily analyze your inbox and spam records and compare both to differentiate spam from legit emails.
The filters monitor the type of emails you send to the spam folder and those you leave in the inbox and create rules accordingly. The rules are tailored to your specific inbox, and any email with spam traits is sent into the spam folder.
User-defined filters
As the name implies, user-defined filters are specific rules that users set up on their own to analyze all emails coming to their email address.
Users can set specific words or phrases that make emails pass as spammy content and be treated as such.
6 strategies to prevent emails from going to the spam folder
Here are six strategies that will allow you to ensure that your emails always go to the inboxes of your receivers and especially to avoid spam filters.
1. Use email authentication
Email authentication protocols help email servers understand whether a particular sender is authorized to send emails from a specific domain or email address.
To avoid your emails landing in the spam folder, you’ll want to perform email authentication using the following protocols:
Sender Policy Framework (SPF)
Sender Policy Framework (SPF) is an email verification protocol, and its role is to allow you to define the people (IPs and domains) that can send emails from your domain.
Anytime an email is sent from your DNS, the receiving system checks for a valid SPF record. If there is a valid SPF record attached and:
- The IP sending the email is on the allowed list; it gives the email a PASS tag (in which case the email is properly delivered).
- The IP address sending the email is not on the list; it gives a FAIL tag (in which case the email bounces or lands in the spam folder).
SPF authentication allows receiving servers to spot email impersonations and domain spoofing. But as the sender, it lets you prove to servers that you’re legitimate and avoid spam filters.
How to check if SPF is configured correctly?
You can check whether SPF is configured correctly for your domain in two ways:
Using Gmail
Send a test email to yourself using your email address as the recipient. Then, click on the drop-down menu button at the top right corner to display its content.
Finally, click on Show original.
It will take you to a Gmail page where you can verify the sender’s IP address and the SPF authentication status.
As you can see, it’s a PASS with a valid IP address — which means that SPF is configured and authenticated correctly.
Using MxToolbox’s SPF Checker tool
You can also use MxToolbox’s SPF Checker to check if SPF is configured correctly.
Simply enter your domain name and then click the SPF Record Lookup button.
You’ll get a report that looks like this:
How to set up SPF
- List the mail servers and their IP addresses
Start by listing all the mail servers and all the IP addresses you want to allow to send emails from your domain.
Here are some considerations:
- Your and your coworkers’ IP addresses.
- Your email service provider(s)’ IP address(es).
- The IPs of your recipients’ email service providers.
2. List the sending domains
Include all your domains to secure them. Even if you don’t send emails using the other domains, spoofers can still try to use them.
3. Go to your DNS settings
Head over to your DNS settings and create your SPF record.
If you’re using Namecheap, here’s how to proceed:
4. Log in to your Namecheap account.
5. Go to Domain List. Next, click on the Manage button next to your domain.
6. Go to the Advanced DNS tab. There, click on Add New Record.
Here’s how to fill each field:
Type: select TXT Record
Host: add @ that corresponds to yourdomain.tld or a subdomain
Value: add the tag v=spf1
In the Value field, follow v=spf1 with the IP addresses that are allowed to send emails from your domain. For example, v=spf1 ip4:5.6.8.9 ip4:1.2.3.4. You can specify legitimate third-party senders by adding an "include" statement to your SPF record (e.g., include:zoho.com).
Finally, end the record with an -all tag.
TTL: Select Automatic.
Finally, click on the Save all changes button.
DomainKeys Identified Mail (DKIM)
DomainKeys Identified Mail (DKIM) uses a digital signature in the email header to allow your recipients’ servers to authenticate that you own the domain you use to send your emails or that the domain owner authorized it.
The signature is written with two keys, one public and the other private. The public key is attached to your DNS and can be seen, but the private key remains specific to the message source (only you, the original sender, have access to it).
The receiving server analyzes your public key to identify your DNS when you send a message. Next, it checks if the private key was used to write the cryptographic signature when sending the message.
- If yes, the message is legitimate, and the receiving server gives it a PASS (inbox).
- If not, then the message isn’t legitimate, in which case the receiving server gives it a FAIL (rejection or spam folder).
The SPF record breaks when the email is forwarded. This leaves room for spoofing and impersonations. DKIM helps to compensate for SPF limitations concerning the authentication of the message source.
A DKIM signature helps you prove that:
- The content is original and unaltered.
- The headers have not changed since the original sender sent the email.
- The email sender has the DKIM domain, or the domain owner allows it.
It shows that your emails are not tampered with while in transit from server to server. This helps protect you from spoofers and keeps you away from spam folders or bounces.
How to check if DKIM is configured correctly
Here’s how to check if DKIM is configured correctly for your domain:
- Send yourself a test email.
- Click on the drop-down menu button at the top right corner.
- Click on “Show original”.
As you’re redirected to the page, you can see which domain signed the DKIM.
Here, it’s a PASS—meaning that our DKIM is fine.
How to set up your DKIM
Here’s how to set up DKIM if you’re using Gmail as your email provider:
- Head over to the Google Admin Console and log in.
- Click on the top left menu and go to Apps > Google Workspace > Gmail > Authenticate email.
3. Select your domain and generate a new record.
4. Select 1024 for the bit length and check the prefix selector.
5. Validate and get your new DKIM record.
6. Go to your DNS provider and add a new record.
Here's how to fill each field:
- Type: Select TXT Record.
- Host: Paste the DNS Host name from Google.
- Value: Paste the new TXT record value from Google.
- TTL: Select Automatic.
Here’s what it will look like:
Next, click on the green check button and wait a bit for Google and your DNS to sync the new changes. Go back to the Google Admin console and click on Start authentication.
The authentication might fail a few times before working. Upon completion, the status changes to Authenticating email.
Domain-based Message Authentication, Reporting & Conformance (DMARC)
DMARC is an authentication and reporting protocol that works by matching the validity of SPF and DKIM records.
Both SPF and DKIM must work, and at least one must align for DMARC rules to apply.
- If both align, it’s a valid email from an authorized server with header information intact.
- If at least one aligns, it still indicates that the sender owns the “Friendly-From” DNS space and thus is who they claim to be.
The main role of DMARC is that it allows domain owners to specify to mailbox providers how to treat an email when authentication checks fail to validate. Here are the three policy options it gives you:
- None: Letting the receiving server decide.
- Quarantine: Indicating the spam folder.
- Reject: Indicating a rejection.
The true value of DMARC reports is that routinely monitoring these reports will inform you of any phishing or spoofing attempts to your domain. The reports also let you know if your own email is being rejected due to DKIM or SPF failure.
How to check if DMARC is configured correctly
You can use MxToolbox’s free DMARC Check Tool to check if DMARC is configured correctly for your domain. Simply enter your domain name and then click the DMARC Lookup button.
You’ll get a report that looks like this:
For our example, you can see the DMARC record is appropriately configured. But for a site that hasn’t configured its DMARC record correctly, you’ll see:
How to set up DMARC
Before setting up your DMARC record, you must first set up all protocols against domain spoofing. Google recommends this order:
- SPF
- DKIM
- Checking MX (mailbox for reports)
- Getting the domain host sign-in information (You can use ICANN Lookup for this)
- Checking for an existing DMARC, as we’ve done using MxToolbox
- Finally, set up or change the DMARC policy
Setting up your DMARC record is almost the same as with SPF and DKIM records.
Start by going to your DNS settings to add a new record.
Here’s how to fill each field:
Type: select TXT Record
Host: Add your domain name preceded by _dmarc. (e.g., _dmarc.domain.com)
Value: Use MxToolbox’s DMARC generator to generate a DMARC record:
Start by entering your hostname and then clicking on Check DMARC Record.
You’ll then get a DMARC value suggestion.
Choose what you want to do with emails that fail the DMARC check:
Then, fill in the remaining information (optional).
Then, copy the record value you get to your DNS. Here’s our DMARC value sample:
v=DMARC1; p=reject; pct=100; rua=mailto:re+fokv6ipbzu1@dmarc.postmarkapp.com; sp=none; aspf=r;
Take a look at the image below for a quick explanation of all the tags used:
2. Warm up your domain and email address
Your domain's reputation and credibility are two things email servers consider when determining whether to mark your message as spam or not.
Before you start sending emails for marketing or sales purposes, you will want to warm up your domain and email address.
Your goal here is to show email servers that your domain and email addresses have sent legitimate and trustworthy emails in the past and build your credibility.
From a credibility standpoint, a new domain starts neutral, and the reputation, good or bad, will be determined over time. This is precisely why you need to warm up your domain and email address before sending any mass email campaigns.
Avoid sending email campaigns if your domain is less than six months old. Once you start sending emails, you need to remember to start slow. You can't begin by sending 100 emails a day on the first day.
You need to warm up your email address by slowly increasing the number of emails sent each day. It's best to send those first few emails to your family, friends, and colleagues, and ask them to open and reply to them and mark them as not spam.
There are also tools like Mailwarm and WarmUp Inbox that can help you automate the process of warming up your domain and email address.
3. Make sure your domain isn’t blacklisted
Email blacklists are lists of email addresses and domains that have been identified as spam senders in the past. If your domain or email address ends up on a blacklist, any emails you send will likely land in the junk folder.
Note that all your email campaigns sent through your email marketing services are sent through their servers. Hence, if even one other customer sends spam, it can also affect your deliverability.
There are dozens of email blacklists online, with some of the most popular ones being The Spamhaus Blocklist (SBL) and Spamcop. You can use MxToolbox’s Email Blacklist Check to check whether your email is listed in any of the big email blacklists.
4. Clean your email list
Emailing invalid or non-existing email addresses can hurt your email reputation and make it more likely that your emails start landing in the spam folder.
The reason is quite simple. If several of your emails don’t deliver, email servers will start flagging you as a spammer, and your deliverability rates will suffer.
Email addresses on your list can become invalid for several reasons, including people changing their email address or switching jobs, companies changing their domains or going out of business, and so on.
To avoid emailing invalid email addresses, make sure to verify all the email addresses on your list using a tool like Email Verifier before kicking off your campaigns.
If you only want to verify a single email address, here’s how to do it:
Go to the Email Verifier page and paste the email address you’d like to verify:
Next, click on the Verify button. You’ll then get your result, which looks like this:
It’s also possible to verify a list of email addresses with Email Verifier. Here’s how to do it:
Go to the Bulk tasks page and select Email Verifier.
Then, click on +New bulk.
Name your list and add the email addresses you’d like to verify. You can paste the list into the appropriate field or upload a .CSV or .TXT file. Hunter can make sense of the file, detect the column for email addresses, and verify them.
Click Upload, and then on Launch the verification.
The verification process will be completed quickly. Once it’s done, click the Download button to download a list of all the verified email addresses from your original list.
5. Use a spam word checker
Spam trigger words can cost you your email deliverability.
Content filters screen every word in your email, and header filters sift through your subject line for spammy words.
If your email contains one or more of these words or phrases, it’s more likely to be marked as spam. So you need to keep an eye out for those words and avoid them at all costs.
For some context, spam trigger words are words and phrases used by spam filters to identify potential spam messages. Here’s a list you can reference.
EmailTooler’s Spam Words Analysis Tool is designed to help you avoid triggering content filters. Using the tool will ensure that your emails don’t contain any words or phrases that might get them flagged as spam.
Simply head over to the tool, paste your subject line and email content, and hit the Analyze email button.
You’ll get a report that looks like this:
6. Include an unsubscribe link
Let’s face it, not everybody will love your content—and you can’t sell to everyone.
Another way to avoid getting flagged as a spammer is to give the people that aren’t interested in your emails a way out of receiving them.
Including an unsubscribe link in your emails will help you get fewer spam complaints because people who don’t want to receive emails from you can simply click the unsubscribe link instead of reporting your email.
You can use Hunter Campaigns to have an unsubscribe link inserted automatically into every cold email you send.
Get your emails in the inbox every time
Following the tips above will ensure that your cold email gets a green pass through spam checkers and lands in the recipient's inbox. To learn even more about email deliverability, check out these blog posts:
Become a cold email pro in 5 days