How to Keep Cold Emails Out of Spam
Actionable checklist of everything that triggers spam filters with fixes for each.
How Spam Filters Actually Work
Spam filters are not a single check. They are layered scoring systems run by receiving mail servers, inbox providers (Google, Microsoft, Yahoo), and enterprise security gateways like Proofpoint, Mimecast, and Microsoft Defender. Each layer evaluates your email differently, and a message needs to pass most of them to reach the inbox.
Authentication is the first gate. Before a server reads your content, it checks your DNS records. SPF tells the server whether the IP that delivered your email is authorized to send on behalf of your domain. DKIM verifies the message has not been tampered with in transit. DMARC tells the server what to do when either check fails — and whether the From header domain aligns with the authenticated sending domain. A message that fails authentication does not necessarily get rejected outright at p=none, but it starts with a scoring penalty that the rest of your email has to overcome.
Reputation is how providers track sender behavior over time. Every IP address and domain that sends email accumulates a sending history. Google, Microsoft, and Yahoo maintain reputation signals internally. Third-party services like Spamhaus and Barracuda maintain public blacklists. A high bounce rate, a high complaint rate, or a sudden sending spike on a new domain all damage reputation scores. Reputation signals are the most durable factor: a strong reputation can offset weak content, but a weak reputation can sink a well-written email.
Content scoring is what most senders focus on first, but it is usually the last problem to fix, not the first. Content filters look for patterns associated with spam: trigger words, excessive capitalization, HTML-heavy formatting, image-heavy layouts with little text, certain URL patterns, and high link-to-text ratios. Modern content filters use machine learning trained on large spam datasets, so they catch patterns beyond simple keyword lists. What they are ultimately classifying is whether this message looks like it was written by a person to a specific recipient, or like a bulk marketing blast.
Engagement is how inbox providers adjust filtering over time. If recipients open your emails, reply to them, and do not mark them as spam, the provider treats your subsequent sends more favorably. If recipients ignore them or mark them as spam, filtering tightens. This is why warmup works: it builds an engagement history on a new account before real campaigns start. It is also why warmup with real engagement signals matters more than simply warming up with fake opens that carry no behavioral signal.
Specific Things That Trigger Spam Filters
These are the signals that move cold email toward the spam folder, in rough order of how often they cause problems.
Missing or misaligned DNS authentication. No SPF record, no DKIM signing, or DMARC alignment failure will push you toward spam before any other signal is evaluated. For Amazon SES users, the default MAIL FROM domain is amazonses.com, which means SPF passes for SES's domain but DMARC alignment fails for yours. This requires a custom MAIL FROM subdomain on your sending domain to fix.
High bounce rates. Sending to invalid addresses tells providers your list is low quality. Bounce rates above 2% damage sender reputation measurably. Above 5%, some providers will start blocking or throttling delivery from your domain entirely.
High complaint rates. Google treats a complaint rate above 0.1% as a signal that your mail is unwanted. Above 0.3%, Gmail begins filtering more aggressively. These thresholds come from Google's sender guidelines and are visible through Google Postmaster Tools data for your domain.
Sudden volume from a new domain. A domain that sends zero emails for two weeks and then sends 5,000 in a day looks exactly like a spam domain registered for a campaign. Providers expect gradual volume growth. Sudden spikes are a reliable filter trigger regardless of how clean your content is.
Spam trigger words and formatting patterns. Subject lines with urgency language ("act now," "limited time"), financial promises ("earn money fast," "risk free"), or excessive punctuation raise content scores. Heavy HTML with colored fonts, large buttons, or image-heavy layouts with minimal readable text also score negatively across most filter systems.
Links to untrusted domains or shortened URLs. URL shorteners obscure the destination and are heavily associated with phishing. Links to domains with poor reputation carry that reputation into your message. Keep links to a minimum in cold email and avoid shorteners entirely.
Want every check on this page run automatically?
EmailQo runs SPF, DKIM, DMARC, blacklist, and content checks before every campaign — on your own Gmail, Outlook, or AWS SES sending account. Start the 7-day free trial, no card.
Start free trial →What Cold Email Senders Get Wrong
The most common mistake is treating content as the primary lever when the infrastructure is the actual problem. A sender who has misconfigured DMARC, skipped warmup, and is sending from a two-week-old domain will not fix their spam rate by rewriting subject lines. The authentication and reputation layers score the message poorly before the content filter runs. Rewriting copy cannot fix a scoring deficit created upstream.
The second mistake is sending cold email from a primary business domain. If outreach activity damages the reputation of your main domain through bounces or spam complaints, that damage extends to every email your company sends — transactional mail, customer support responses, sales replies to warm prospects. Dedicated sending domains create isolation so cold email reputation problems cannot spread. Register separate domains that are close variants of your main domain and use those exclusively for outreach.
The third mistake is treating warmup as optional. Senders who skip it because they are impatient usually pay for it with poor deliverability in the first one to two weeks, then spend the following weeks rebuilding a damaged domain. Two to four weeks of warmup adds less total time than recovering from a damaged sending account, and new domains with no warmup history have essentially no sender reputation to draw on.
The fourth mistake is pushing too much volume through too few accounts. Thirty to fifty cold emails per day is a reasonable ceiling for a single Gmail or Outlook account before volume signals start increasing filter risk. If you need to send more, the answer is more accounts and sender rotation, not higher volume per account. Spreading the same total volume across five accounts produces far better placement than concentrating it in one.
Practical Fixes in Order of Impact
Fix authentication first. Publish SPF, DKIM, and DMARC on every sending domain before anything else. For SES, configure a custom MAIL FROM subdomain so SPF alignment passes for your domain rather than Amazon's. Verify all three records are passing by checking Gmail's "Show Original" headers on a test send, or running your domain through MxToolbox.
Warm up every new account. Start at 10 to 20 emails per day, increase by 10 every few days, and run for two to four weeks before adding accounts to live campaigns. Do not run cold outreach on accounts that have not been warmed up. The warmup period is not negotiable — it is the mechanism by which a new account earns the reputation needed to send at scale.
Send from infrastructure you control. Use Gmail, Outlook, Zoho, or Amazon SES accounts you own rather than shared sending pools where other senders can affect your reputation. On shared infrastructure, a high-complaint sender on the same IP pool pulls down placement for everyone sharing it.
Verify your list before sending. Remove invalid addresses, role-based inboxes (info@, hello@, support@), and addresses from previous bounce events. Target a bounce rate below 2%. List verification is a one-time cost per campaign that prevents ongoing reputation damage.
Review content after everything else is clean. Check for trigger word stacking, link-heavy body copy, and HTML formatting that reads as marketing material. Run pre-send checks that simulate enterprise filters before each campaign. Content is the last thing to optimize, not the first — but once the infrastructure layer is solid, content review is worth doing before every send.
How EmailQo Helps You Avoid Spam Filters
EmailQo runs pre-send checks before every campaign that cover the most common spam filter triggers: spam trigger word scanning, SPF, DKIM, and DMARC validation, blacklist lookup across major lists, and enterprise filter simulation. Built-in warmup is included on every plan to establish sender reputation before outreach starts. These checks surface infrastructure and content problems at the point where they can still be fixed rather than after your deliverability has already been affected.
Related Resources
Keep the guide close — get deliverability tips monthly
One short, useful email per month covering SPF/DKIM/DMARC pitfalls, warmup, and cold-email content. No spam. Unsubscribe anytime.
By subscribing you agree to receive occasional tips at this address. See our Privacy Policy. Unsubscribe anytime from any email or at /unsubscribe.
Keep reading