Cold Email Spam Checklist: 21 Reasons Your Emails Aren't Hitting Inbox
A systematic checklist covering every technical, reputation, and behavioral reason cold emails land in spam — organized by category and priority.
When cold emails land in spam, it's rarely one thing. Usually it's a combination of factors that each contribute a small signal — and together tip the filter. This checklist covers all 21 causes, organized by how fixable they are.
Authentication issues (fix first)
1. Missing SPF record. Without SPF, your sending server isn't authorized. This is the most basic authentication failure. Check with the SPF checker and add the correct record for your ESP immediately.
2. Broken DKIM signature. DKIM key not published, wrong selector, or key rotated without updating DNS. Use the DKIM checker to confirm the key exists and is valid.
3. No DMARC record. Signals that the sender doesn't monitor authentication. Add at minimum v=DMARC1; p=none; rua=mailto:your@email.com.
4. SPF softfail treated as failure. Some receivers treat ~all (softfail) as a negative signal. If possible, use -all (hardfail) once you've verified all authorized sending sources.
5. Multiple SPF records. Only one v=spf1 record is allowed. Having two causes authentication failure. Merge them.
Domain and IP reputation issues
6. Listed on Spamhaus ZEN or DBL. Critical blacklisting that affects delivery to virtually every major provider. Run the blacklist checker to confirm and submit a delisting request after fixing the root cause.
7. Listed on Barracuda or SURBL. High-severity blacklisting that significantly impacts inboxing. Same fix as above.
8. Young domain (under 30 days). New domains have no reputation history. Providers apply extra filtering. Wait at minimum 30 days before cold email sends, 60 days ideally.
9. Domain used primarily for outbound only. Domains that only send and never receive look like spam infrastructure. Ensure MX records are configured and replies are routing somewhere real.
10. No or broken redirect. Sending domains should redirect to a real website. A domain that points nowhere or redirects to something suspicious signals spam infrastructure. Check with the redirect checker.
Sending behavior issues
11. Volume spike. Suddenly increasing send volume — even within provider limits — triggers filtering. Always ramp gradually. New inboxes should start at 2–3/day and ramp over 3–4 weeks.
12. High bounce rate. More than 2–3% hard bounce rate is a serious spam signal. Clean your lists before sending. Verify emails before adding to sequences.
13. Low engagement rate. If nobody opens, clicks, or replies — providers learn the mail isn't wanted. High-volume sending to low-engagement lists compounds over time.
14. Sending to role accounts. Emails to info@, admin@, support@ have high spam complaint rates and low engagement. Remove these from cold email lists.
15. Irregular sending patterns. Sends at 3am, massive batch sends followed by silence, or sends that don't match normal business email patterns all look automated and suspicious.
Infrastructure issues
16. Tracking domain proxied through Cloudflare. The single most common infrastructure mistake. Cloudflare proxying breaks click tracking and can affect deliverability. Set your tracking domain CNAME to DNS Only (grey cloud). Check with the tracking domain checker.
17. Tracking domain on same domain as sending domain. Click tracking on your primary sending domain risks contaminating your sending reputation with tracking behavior. Use a completely separate domain.
18. No PTR record for sending IP. Enterprise mail filters check that the sending IP has a reverse DNS record. SMTP setups especially need this. Check with the reverse DNS checker.
19. Sending from more than 3 inboxes per domain. Too many inboxes per domain concentrates sending patterns and increases domain-level spam signals. Maximum 3 inboxes per domain is the standard guidance.
Content and technical email issues
20. Too many links or images. HTML-heavy emails with multiple tracking links, images, and buttons look like marketing email to spam filters. Cold email should be plain text or near-plain text with at most one link.
21. Spam trigger words in subject or body. While content is less important than authentication and reputation, certain words and patterns still contribute to filtering. Run the subject line spam tester to check for obvious triggers.
How to use this checklist
Work through the list in order. Authentication issues are the highest priority and the easiest to fix. Reputation issues take longer. Behavior issues require process changes. Use the burn score calculator to get an overall health rating before and after fixing issues.
Run the checks first
Before replacing anything, run a free inbox placement test. You might find the issue is DNS, not the domain — and save yourself a week of unnecessary work.