Why Your Emails Are Still Going to Spam (And How to Fix It in 3 Minutes)

You’ve checked all the boxes. You meticulously set up your SPF and DKIM records for Google Workspace, breathed a sigh of relief, and hit send.

But then… your emails are still landing straight in your clients’ spam folders.

What gives?

The truth is, your email authentication setup is probably missing its final, crucial piece: DMARC.

Without it, receiving servers are left playing a guessing game with your emails—and they almost always guess “spam.”

Here is exactly how to fix it in less than three minutes.

The Email Security Trio: SPF, DKIM, and DMARC

Think of your email security as a high-security event. To get past the bouncer (the recipient’s email server), you need three things:

• SPF (Sender Policy Framework): The Guest List. This tells the receiving server exactly who is authorized to send emails on behalf of your domain.
• DKIM (DomainKeys Identified Mail): The Wax Seal. This adds a cryptographic signature to your emails, proving they haven’t been tampered with or altered while traveling across the internet.
• DMARC: The Instruction Manual. This tells the receiving server exactly what to do if an email fails the SPF or DKIM checks.

The Big Problem: Without DMARC, if a spammer tries to spoof your email, the receiving server doesn’t know how to handle it. To protect their user, they safely tuck your legitimate emails into the spam folder just in case.

The 3 Flavours of DMARC

When you set up DMARC, you have to choose a policy to tell servers how strict they should be.

Policy	What It Does	Best For
p=none	Monitor Only. Emails are delivered normally, but you get reports on who is sending mail as you.	Beginners. This is exactly where Google recommends you start so you don’t accidentally block your own emails.
p=quarantine	Send to Spam. Any suspicious emails failing authentication are automatically sent to the junk folder.	Step 2. Move to this once you’re confident your settings are correct.
p=reject	Block Entirely. Fake or unauthorized emails are blocked completely before they ever touch an inbox.	The Goal. Ultimate protection for established domains.

Step-by-Step: How to Add Your DMARC Record

Ready to fix this? Head over to your DNS Provider (where you bought your domain name, like GoDaddy, Namecheap, or Digital Pacific) and follow these steps:

1. Create a New Record

Click Add Record in your DNS management zone.

2. Fill in the Details

• Type: Select TXT
• Name / Host: Type _dmarc (Don’t forget the underscore!)
• TTL (Time to Live): Set this to 300 (or the lowest number your provider allows).
• TXT Data / Value: Copy and paste the following line:

v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com

⚠️ Crucial Edit: Change dmarc@yourdomain.com to a real, active email address on your domain where you want to receive security reports.

3. Save it!

Click Confirm or Save.

How to Verify It’s Working

DNS changes can take a few minutes to ripple across the internet. Once you’ve waited a moment, head over to MX Toolbox to check your work:

1. Enter your domain name.
2. Click DMARC Lookup.
3. If it pulls up a green checkmark showing your p=none policy, congrats! Your DMARC is live.

Troubleshooting Common Hiccups

If MX Toolbox isn’t showing a green light yet, check for these two common setup mistakes:

• Missing the Underscore: The host name must be _dmarc.
• The “Full Domain” Quirk: Some DNS providers require you to write out the full domain path in the host field. If _dmarc fails, try changing the name to _dmarc.yourdomain.com.
• Formatting Errors: Double-check your TXT value. Ensure rua=mailto: is spelled correctly and there are semicolons separating the pieces.

---