Why Your Emails Go to Spam (And How to Fix It)

You hit send on an important quote, invoice, or newsletter — and silence. Hours later, a customer replies: "Sorry, I just found this in my spam folder." Sound familiar?

Email deliverability is one of the most overlooked issues facing New Zealand businesses. Even well-crafted emails from legitimate senders can get filtered out if your domain isn't configured correctly. The good news: most spam issues come down to a handful of technical misconfigurations that are entirely fixable.

In this guide, we'll break down the top reasons emails go to spam, and walk you through how to fix each one.

How Spam Filters Actually Work

Before we dive into fixes, it helps to understand what Gmail, Outlook, and Xtra (Yahoo) are looking at when they decide whether your email hits the inbox.

Modern spam filters evaluate three main areas:

  1. Authentication — Can we prove this email actually came from who it claims to be from?
  2. Reputation — Does this sender (domain and IP) have a history of sending wanted mail?
  3. Content & engagement — Does the message look spammy, and do recipients actually open it?

If you fail authentication, the other two barely matter. That's where most NZ businesses trip up.

The Top Reasons Your Emails Go to Spam

1. Missing or Broken SPF Record

SPF (Sender Policy Framework) tells receiving mail servers which servers are allowed to send email on behalf of your domain. Without it — or with a misconfigured one — your emails look suspicious.

A typical SPF record for a business using Microsoft 365 and a CRM like HubSpot looks like this:

v=spf1 include:spf.protection.outlook.com include:_spf.hubspotemail.net -all

Common mistakes we see at xteam:

  • Multiple SPF records on one domain (only one is allowed)
  • Too many DNS lookups (the limit is 10)
  • Ending with ~all or +all instead of -all for stricter enforcement

2. No DKIM Signature

DKIM (DomainKeys Identified Mail) adds a cryptographic signature to every email, proving it wasn't tampered with in transit. Most email providers now treat unsigned mail as highly suspicious.

You'll typically add two CNAME records provided by your email platform, for example:

selector1._domainkey.yourdomain.co.nz  CNAME  selector1-yourdomain-co-nz._domainkey.yourtenant.onmicrosoft.com
selector2._domainkey.yourdomain.co.nz  CNAME  selector2-yourdomain-co-nz._domainkey.yourtenant.onmicrosoft.com

If you send from Xero, Mailchimp, or any transactional service, each one needs its own DKIM configured separately.

3. No DMARC Policy

From February 2024, Google and Yahoo require DMARC for anyone sending more than 5,000 emails per day — and they're using it as a reputation signal for smaller senders too.

A starter DMARC record looks like this:

v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.co.nz; fo=1

Start with p=none to monitor, then progress to p=quarantine and eventually p=reject once you've confirmed all legitimate senders are passing.

4. Sending from a Free Email Domain

If your business still sends from yourbusiness@gmail.com or @xtra.co.nz, you're hurting deliverability. DMARC policies on those domains will actively block mail sent on their behalf from third-party tools. Always send from your own domain (e.g. hello@yourbusiness.co.nz).

5. Poor Sender Reputation

Even with perfect authentication, your emails can be filtered if:

  • You're sending from a shared IP with other spammy senders
  • Your bounce rate is high (old or scraped lists)
  • Recipients frequently mark you as spam
  • You've suddenly increased sending volume without warm-up

6. Spammy Content Triggers

Content matters less than it used to, but these still cause problems:

  • All-caps subject lines ("URGENT!!! OPEN NOW")
  • Single large image with no text
  • Shortened links (bit.ly, tinyurl)
  • Attachments like .zip or .exe
  • Misleading "From" names that don't match the sending domain

How to Fix It: A Step-by-Step Checklist

Here's the order we recommend for any NZ business auditing their email setup:

  1. Audit your current DNS records. Check what SPF, DKIM, and DMARC records exist on your domain today.
  2. List every service that sends email as you. Microsoft 365, Google Workspace, Xero, Mailchimp, your booking system, your CRM — all of it.
  3. Build one clean SPF record that includes all legitimate senders, ending in -all.
  4. Enable DKIM on every sending platform. Don't skip the ones you use less often.
  5. Publish a DMARC record starting with p=none and a reporting address you actually monitor.
  6. Review DMARC reports weekly for the first month to catch any misconfigurations or spoofing attempts.
  7. Tighten DMARC to p=quarantine after 2–4 weeks of clean reports, then to p=reject.
  8. Warm up new sending domains slowly if you're switching providers or launching a big campaign.
  9. Clean your mailing lists regularly — remove bounces and inactive contacts.
  10. Add a BIMI record once DMARC is enforced, to display your logo next to emails in supporting clients.

NZ-Specific Tips

  • .co.nz and .nz domains have no special treatment by global filters, but make sure your DNS host (many NZ registrars) supports TXT records with adequate length.
  • Xtra/Yahoo users are a significant chunk of NZ consumer email. They're particularly strict on DMARC — don't ignore them.
  • Kiwi small businesses often use Xero for invoicing. Remember that invoice emails sent "from" your domain via Xero need Xero's DKIM configured, or they'll fail DMARC.

Check Your Setup in 30 Seconds

Not sure if your domain is configured correctly? You don't need to guess.

Try xteam's free MailCheck tool →

MailCheck instantly analyses your domain's SPF, DKIM, DMARC, and BIMI records, flags any issues, and shows you exactly what to fix — in plain English. It's free, there's no signup required, and it's built specifically for New Zealand businesses.

Stop losing customers to the spam folder. Check your domain now, and get your email landing where it belongs: the inbox.