8 July 2026 · 7 min read

When your quote lands in spam

Email that doesn't arrive is the quietest business risk: no error, no notice, just no reply. Why the rules have tightened and how to get your company's email on the safe side

The most uncomfortable kind of "no reply" is the one nobody knows about: the quote went out, clean and on time - and landed in the recipient's spam folder. No error, no bounce, nothing. You wait for the customer, the customer waits for you. This happens more often than you'd think, and more often than it did two years ago. Here's why, and what to do about it.

The quietest risk in daily business

Email feels like a law of nature: send it, it arrives. In reality, the receiving provider makes a fresh decision about every single message - inbox, spam folder, or not accepted at all.

The treacherous part is the silence. A letter that doesn't arrive eventually comes back. An email in a spam folder triggers nothing - no error on your side, no notice on the recipient's. The quote simply goes unanswered, and both sides draw their own conclusions: the customer thinks you never got back to them. You think the customer isn't interested.

For ordinary business correspondence, the size of the problem can't be measured honestly - no solid data exists. For bulk sending it can: industry benchmarks put roughly one in six legitimate, permission-based marketing emails outside the inbox. Your individual quote has better odds than a newsletter. But it plays by the same rules.

The rules have tightened

For a long time, email was remarkably tolerant: anyone with an address could send, and recipients sorted by feel. That era is over. In early 2024, Google introduced technical minimum requirements for everyone sending to Gmail addresses - that means any company sending even a single email to a Gmail address. Bulk senders have to prove even more. Microsoft followed in 2025 for its mailboxes: mail from senders without credentials goes to the junk folder first, and at a later stage will be rejected outright.

The reason is understandable: the overwhelming share of the world's email traffic is junk or fraud, and the big providers protect their users by demanding proof of identity from the sender. Provide it, and you're in a better position than ever. Without it, you're sending with the handbrake on - and not noticing, because the mail does "go out".

Your domain's identity papers

The proof of identity consists of three records that belong to your domain - the part of your addresses after the @. You don't need to be able to set them up yourself, but understanding what they do lets you ask the right questions.

The sender list (SPF) publicly declares which servers may send on your behalf. If a mail arrives from a server that isn't on the list, that's a warning sign for the recipient.

The seal (DKIM) is a tamper-proof signature attached to every message. The recipient can verify that it genuinely comes from your domain and wasn't altered along the way.

The instruction (DMARC) tells receiving providers what to do with mail that fails those checks - reject it, sort it out, or let it through - and sends you reports about it. It also protects your name: without it, any fraudster can send mail that looks like it comes from your company.

All three are one-off configuration work, not a subscription and not a project. It doesn't take a professional long to set them up. After that they simply run - until someone changes something in the environment.

The risky moments

And that's the second half of the truth: delivery problems rarely appear out of nowhere. They appear with change - and specifically with the changes that feel like progress.

Switching to a new mail provider or a new domain is one of them: new servers suddenly send on your behalf, and the old records know nothing about it. A domain move should therefore be planned as a whole, with deliverability as its own item on the list - we've described what an orderly move looks like in one of our case studies.

Deep Dive

A new domain, new addresses for the whole team - and a migration night behind the scenes

Just as risky is every new tool that sends on your behalf without you thinking of it as a mail program: the accounting software that sends invoices. The newsletter tool. The website's contact form. The booking system. To receiving providers, each of these is a sender claiming to be your domain - and each needs to be on your sender list and carry your seal. The pattern is always the same: the new tool gets set up, it works in testing, everyone's happy - and the invoices land in spam for half your customers, because one record is missing.

What it isn't, by the way

A lot of folklore circulates around spam folders: no capital letters in the subject line, avoid the word "free", not too many images. There's a kernel of truth in those rules - clumsy sales language never helps. But they come from another era. Today, the identity question comes first: can the recipient verify that this mail really comes from your domain?

That also explains a pattern many people know and few can place: the same quote, the same text, the same attachment - it arrives at one customer and not at another. The content is almost never the reason. The reason is that some recipients check more strictly than others, and your domain narrowly passes the test with one and narrowly fails it with the other. Polishing the subject line while the records are missing is polishing the wrong thing.

How you notice something's wrong

Because the problem is silent, it shows up in patterns rather than messages. Customers mention in passing on the phone, "ah, that was in my spam". Quotes go conspicuously unanswered while phone calls run normally. Meeting invitations don't get accepted. Certain large customers - often the ones with strict IT - can reach you, but you can't reach them.

Each of these signs on its own is coincidence. Two of them together are a reason to check. The good news: whether your domain's three records are set up properly can be verified from the outside in a few minutes - that's not detective work, it's a look into public directories.

You can even get a first indication yourself, with no tools at all: send an email from your business address to a private Gmail account. If it arrives in the inbox there, open it and find "Show original" in the message menu. Gmail displays a small table showing whether your domain passes the three checks - if all three say "PASS", the foundation is sound. If they say something else, or the mail lands in spam straight away, you have your answer. Five minutes, no expertise required.

What to do

If you take one thing from this article: have your domain's setup checked once - especially if your company never consciously set anything up. "It's always worked" stopped being a diagnosis in 2024. It's now a gamble with worsening odds every year.

In practice that means: set the three records for your domain properly, identify and authorise every tool that sends on your behalf, and treat deliverability as a fixed item in every future change - new provider, new tool, new domain - instead of patching it up as a surprise. Done right once, email goes back to being what it should be: boring and reliable.