Short answer: your cold email goes to spam because the receiving mail server cannot trust it, your sending reputation is thin or damaged, or your list is dirty — usually in that order. Spammy words and links matter too, but they are the last reason on the list, not the first. Most people get this backwards. They rewrite the copy and change the subject line while the actual problem sits untouched in their DNS.
There is one trap that hides all of this from you: your dashboard reports opens, so you assume the email is being read. It is not. Open tracking works by loading a tiny invisible image. Spam filters, security scanners, and image proxies load that image automatically before a human ever sees the message — if a human ever does. So a campaign can show a healthy "open rate" while every email sits in a spam folder no one checks. Opens are activity around your message. They are not inbox placement. Those are different things, and confusing them is how people burn months on outbound that was dead on arrival.
This is the cause almost nobody checks and the one that does the most damage. Three DNS records tell a receiving server "this mail is really from us":
TXT record at your domain's apex listing which IPs are allowed to send for you.selector._domainkey. An empty p= value means the key was revoked and your signing is silently dead._dmarc TXT record telling receivers what to do when SPF or DKIM fail to align: p=none is monitor-only, p=quarantine sends to spam, p=reject bounces the mail.Since 2024, Google and Yahoo's bulk-sender rules require SPF, DKIM, and DMARC for anyone sending at volume, plus one-click unsubscribe and a spam-complaint rate under 0.3%. Miss any of the authentication pieces and unaligned mail goes straight to spam by default. The cruel part: SPF is easy to set up, so people set it and assume they are covered — while DKIM is quietly broken or DMARC was never published. When we ran live authentication checks on 130 real B2B companies in June 2026, 100% had SPF, but 18.5% had no detectable DKIM at all. They looked authenticated. They were not.
Even with perfect records, mailbox providers score the reputation of your domain and sending IP. A brand-new domain has none, so it is treated with suspicion. A domain that has sent to bad addresses, triggered complaints, or spiked in volume has a bad reputation, which is worse than none. Reputation is sticky. It is built slowly and lost quickly, and it follows your domain — which is why people who blast first and ask questions later end up unable to reach the inbox from their main domain at all.
The fastest way to wreck a good reputation is a bad list. Scraped or stale data is full of dead addresses and spam traps — addresses that exist only to catch senders who didn't verify their list. Hitting traps and bouncing hard tells providers you don't know who you're emailing, which is the single clearest signal of a spammer. A small, verified list beats a huge unverified one every time, because deliverability is about trust, not reach.
A domain that sent 5 emails yesterday and 2,000 today looks compromised, not enthusiastic. Providers expect organic ramp-up. Warmup means starting with low daily volume and steady, positive engagement, then increasing gradually so your reputation has time to form. Skip it — or scale too fast — and you trip volume-based filters regardless of how clean your authentication and list are.
This is real, but it is last for a reason. Once the foundation is solid, content can still hurt you: link shorteners, mismatched or unfamiliar tracking domains, image-heavy emails with little text, risky attachments, and obvious mail-merge errors all add risk. But if you are landing in spam, content is almost never the root cause — and rewriting copy on a broken foundation changes nothing.
In our June 2026 benchmark of 130 real B2B companies, about half had at least one deliverability gap, 5.4% had no DMARC at all, and roughly 37% had DMARC published but set to p=none — monitoring only, enforcing nothing. None of that shows up in a sending tool's "open rate." The dashboard counts pixel loads. It cannot tell you whether a human in your target account ever saw the message. Full data and methodology live at our 2026 deliverability benchmark.
The throughline: opens ≠ inbox placement. A 40% open rate on mail that's landing in spam is not engagement — it's filters and scanners loading your tracking pixel on the way to the junk folder. Diagnose placement, not opens.
You can check the high-impact causes yourself, right now, without any tools:
TXT at the apex), DKIM (at selector._domainkey), and DMARC (_dmarc TXT). If DKIM is missing or DMARC is absent, that's almost certainly your answer.p=none, you're monitoring, not enforcing. A null-MX record (0 .) means the domain receives no mail at all.PASS next to SPF, DKIM, and DMARC. Any FAIL is your culprit.If you'd rather skip the manual lookups, our free tool at /outbound-check/ runs these exact live checks — SPF, DKIM, DMARC, and MX — and returns an A–F grade in about 60 seconds. No signup. It won't rewrite your copy, because copy is rarely the problem. It tells you whether the foundation is sound.
We run B2B outbound end-to-end — authentication, reputation, list hygiene, warmup, and sending — so the foundation is sound before a single email goes out. You only pay for qualified conversations, billed on a public ledger. No pressure, and the free check above is genuinely free whether or not you ever work with us.
Type your domain and get an instant A–F grade on SPF, DKIM, DMARC, and MX — the same live checks we run for clients. No signup.
Run the Outbound Reality Check →No. Open tracking fires a pixel that spam filters, security scanners, and image proxies load automatically, so it counts opens for mail no human ever saw. Opens measure activity around the message, not inbox placement.
Broken or missing email authentication. If SPF, DKIM, and DMARC do not align, receivers cannot confirm you sent the mail, and Google and Yahoo route unauthenticated bulk mail straight to spam by default.
Rarely. Content is the last item on the list. If authentication, reputation, or list quality is broken, rewriting the email will not move it to the inbox. Fix the foundation first.
Look up your SPF, DKIM, and DMARC records, send a test to a Gmail account and view the raw headers for PASS or FAIL lines, and check your sending volume. Our free tool at /outbound-check/ runs these live checks and returns an A–F grade in about 60 seconds.