Email Deliverability:
Why Your Emails Land in Spam
10.5% of all emails are routed to spam. Here is every reason your Shopify emails might be landing there — and exactly how to fix it.
Your emails land in spam because of one or more of five reasons: missing authentication (SPF, DKIM, DMARC not configured), poor sender reputation (too many spam complaints, high bounce rate), unengaged list (sending to inactive subscribers who haven’t opened in 90+ days), spam trigger content (certain words, excessive images, or link patterns), or sudden volume spikes (sending to a large cold list without warming). Fix authentication first — it is mandatory in 2026 for bulk senders and affects every email you send.
2024/2025 Gmail and Yahoo requirements — now enforceable
Google and Yahoo introduced mandatory requirements for all bulk email senders in 2024 that are now actively enforced: full SPF, DKIM, and DMARC authentication; one-click unsubscribe; and a spam complaint rate below 0.3%. If you are sending more than 5,000 emails per day and have not implemented these, your inbox placement rate is already being affected. Check your authentication settings today.
Email Authentication — The Non-Negotiable Foundation
Email authentication proves to inbox providers that your emails are legitimately from your domain. Without it, your emails are treated as potentially forged — because without authentication, there is no technical way to distinguish your legitimate email from a phishing email pretending to be you.
The Three Authentication Records
How to set it up: Add a TXT record to your domain’s DNS. Your email platform (Klaviyo, Omnisend) will provide the exact record to add. Example:
v=spf1 include:email.klaviyo.com ~allWhere to check: MXToolbox SPF Checker (free) — enter your domain and it will show your current SPF record status.
How to set it up: Your email platform generates a DKIM key pair. Add the public key as a TXT record in your DNS. Klaviyo, Omnisend, and all major platforms guide you through this in their domain verification settings.
Status: Mandatory for Gmail and Yahoo bulk senders as of 2024.
Minimum requirement: DMARC at
p=none (monitor mode) is required by Gmail and Yahoo for bulk senders. Setting p=quarantine or p=reject provides stronger protection.DNS record format:
v=DMARC1; p=none; rua=mailto:[email protected]Quick authentication check — do this now
Go to mail-tester.com. Send a test email to the address they provide. Get your score. Anything below 8/10 indicates authentication or content issues that are actively hurting your inbox placement. The tool identifies exactly what needs fixing and links to remediation guides for each issue.
Sender Reputation — Why Inbox Providers Trust or Distrust You
Sender reputation is a score that inbox providers assign to your sending domain and IP address based on your historical sending behaviour. High reputation = emails reach the inbox. Low reputation = emails go to spam, regardless of how good your content is.
The metrics that build or destroy sender reputation
What destroys sender reputation
| Action | Reputation Impact | How to Avoid |
|---|---|---|
| Sending to purchased lists | Catastrophic | Never buy email lists. Only email opted-in subscribers. |
| Sudden send volume spikes | Severe | Warm up new domains gradually. Never jump from 100 to 100,000 sends overnight. |
| High spam complaint rate | Severe | Make unsubscribing easier than spam-reporting. Segment to reduce irrelevance. |
| Sending to unengaged subscribers | Significant | Suppress subscribers who haven’t opened in 90+ days from campaigns. |
| High hard bounce rate | Significant | Verify email addresses at capture. Clean list monthly to remove invalid addresses. |
| Inconsistent sending patterns | Moderate | Send at consistent frequency. Sudden gaps followed by volume spikes look suspicious. |
List Hygiene — The Ongoing Work of Deliverability
A clean list is a high-reputation list. Every invalid email address, every spam trap, and every unengaged subscriber on your list is costing you inbox placement on every send. List hygiene is not a one-time task — it is an ongoing maintenance practice.
List hygiene checklist
- Remove hard bounces immediately after every send
- Suppress subscribers who have not opened or clicked in 90 days from campaigns
- Remove or suppress subscribers who have not opened in 180 days entirely
- Run win-back sequences before permanently removing lapsed subscribers
- Use double opt-in for new subscribers in high-risk acquisition channels
- Verify email addresses at the form submission level (e.g., ZeroBounce, NeverBounce)
- Monitor spam complaint rate weekly via Google Postmaster Tools
- Never import email lists from external sources without verified opt-in proof
- Clean your list before every major campaign send (BFCM, Christmas)
Content and Technical Spam Triggers
Even with perfect authentication and a clean list, specific content patterns trigger spam filters. Modern spam filters use AI to analyse the full email — not just keywords — but certain patterns consistently correlate with spam classification.
Content patterns that trigger spam filters
| Pattern | Why It Triggers Spam | Fix |
|---|---|---|
| ALL CAPS in subject line | Classic spam signal — aggressive visual pattern | Use sentence case. Never use ALL CAPS. |
| Multiple exclamation marks | Urgency manipulation signal | Zero exclamation marks in subject lines as a rule. |
| Spam trigger words (FREE!!!, WIN, GUARANTEED) | High-frequency pattern in known spam | Use alternatives: “exclusive,” “save,” “included.” |
| Image-only emails (no text content) | Filters can’t read images — suspicious | 60/40 text-to-image ratio minimum. |
| Too many links | Link farms are a spam signal | 3–5 links maximum per email. |
| Hidden text (white text on white background) | Classic spam trick — filters flag it | Never hide text. Filters detect it reliably. |
| Misleading subject line (RE:, FWD: fake) | Deception signal — high spam complaint trigger | Never use fake reply/forward prefixes. |
| Link to URL-shortened domains | Associated with phishing | Always link to your actual domain directly. |