Understanding email spam filtering #

Modern email providers use multiple signals to decide whether your message should land in the inbox, spam folder, or be rejected.
If you’re facing email spam rejection, the most common causes include:

• Missing or misconfigured authentication (SPF, DKIM, DMARC)
• Blacklisted domain or IP (sender reputation problems)
• Risky sending habits (sudden volume spikes, poor list hygiene, repeated bounces)
• Content triggers (spammy wording, suspicious links, heavy attachments, bad formatting)

The fix is almost always a combination of: correct authentication + clean sending habits + safe content.

How outbound email is relayed on shared hosting #

On shared hosting environments, outgoing email is typically processed through secure mail infrastructure and protected by anti-spam controls.
This helps protect server reputation and improves deliverability for everyone on the platform.

SPF records: what they are and how to set them up #

SPF (Sender Policy Framework) is a DNS TXT record that authorizes which servers/services are allowed to send email for your domain.
Without an accurate SPF record, your messages are more likely to be rejected or placed in spam.

Important SPF rules (don’t skip these) #

• Only one SPF record per domain (merge everything into one TXT record).
• Include all senders: your hosting mail server AND any third-party provider (Google Workspace, Microsoft 365, marketing tools, CRMs).
• Keep it efficient: overly complex SPF can fail due to DNS lookup limits.

Safe SPF templates (use these as a starting point) #

Use ONE of the following templates, depending on how you send email. Replace placeholders with your actual values.

Template A: Typical hosting mail (simple)

v=spf1 a mx ~all

Template B: Hosting mail + explicit server IP (recommended if you know it)

v=spf1 a mx ip4:YOUR_SERVER_PUBLIC_IP ~all

Template C: Hosting mail + Google Workspace (example)

v=spf1 a mx ip4:YOUR_SERVER_PUBLIC_IP include:_spf.google.com ~all

Template D: Microsoft 365 only (example)

v=spf1 include:spf.protection.outlook.com ~all

Where to add SPF #

Add SPF as a TXT record where your DNS is hosted (Hosticko DNS, Cloudflare, your registrar, etc.). If your DNS is inside cPanel:
go to Zone Editor → select your domain → Manage → edit the TXT record that begins with v=spf1.

Other authentication methods: DKIM & DMARC #

DKIM (DomainKeys Identified Mail) #

• What it does: adds a cryptographic signature to prove the message wasn’t altered and is authorized.
• Where to enable it: often found in cPanel under Email Deliverability.

DMARC (Domain-based Message Authentication, Reporting & Conformance) #

• What it does: tells receiving servers what to do when SPF/DKIM fail and helps protect against spoofing.
• Starter DMARC example (adjust reporting email and policy as needed):

v=DMARC1; p=quarantine; rua=mailto:you@yourdomain.com

Best practices to avoid email spam rejection #

Use these proven steps to reduce email spam rejection and improve inbox placement:

• Authenticate everything: SPF + DKIM + DMARC properly configured and aligned.
• Keep content clean: avoid spam-trigger phrases, too many links, and suspicious attachments.
• Use consistent formatting: avoid “image-only” emails and broken HTML.
• Maintain sending reputation: warm up sending volumes gradually and avoid sudden spikes.
• Monitor blacklists: check domain/server IP on reputable blacklist tools.
• Never buy email lists: use opt-in lists only and remove bounces/unengaged recipients.
• Include an unsubscribe option for marketing/bulk emails.

Helpful tools and references:
MXToolbox,
Mail-Tester,
Google sender guidelines,
Microsoft email authentication overview.

Using Mail-Tester for diagnosis #

Mail-Tester is a simple way to check your spam score and see what’s failing (SPF/DKIM/DMARC, blacklists, content flags).
Use it before you send real campaigns.

1. Open Mail-Tester.
2. Copy the temporary email address shown on the page.
3. Send a test email from your domain to that address.
4. Return to Mail-Tester and click the button to check your score.
5. Fix issues shown in the report (authentication, blacklist, content).

Troubleshooting common issues #

SPF/DKIM/DMARC errors #

• Confirm DNS records exist in the correct DNS provider (not in the wrong panel).
• Wait for DNS propagation and re-test.
• Ensure SPF is a single merged record and includes all senders.

Blacklisted IP/domain #

• Check your domain and server IP against reputable blacklist tools.
• If listed, follow that blacklist’s delisting process and clean up the cause (compromised account, bad list, spammy scripts).

Content issues #

• Reduce link count and remove suspicious URLs.
• Avoid “shouting” formatting (ALL CAPS, excessive punctuation).
• Keep attachments small; host files securely instead when possible.

Third-party email providers (Google/Microsoft/marketing platforms) #

• Add the provider’s SPF include to your SPF record (still keep only ONE SPF record).
• Enable DKIM signing inside the provider where supported.
• Use the same From domain that is authenticated (alignment matters).

SMTP authentication problems #

• Always enable SMTP authentication in email clients and apps.
• Use the correct SMTP port (465 SSL/TLS or 587 STARTTLS).
• Make sure the username is the full email address.

When to contact Hosticko Support #

If you’ve followed the steps above and still face email spam rejection or unexplained bounces, contact Hosticko Support and include:

• Sender and recipient email addresses
• Email subject and approximate send time
• Any bounceback/error text (full message)
• Full email headers (if possible)
• What you already tried (SPF/DKIM/DMARC checks, Mail-Tester score, blacklist checks)

Open a ticket here:
https://client.hosticko.com/submitticket.php

Related Hosticko guides (update URLs to match your knowledgebase structure):
Understanding SPF Records for Email Deliverability,
Why Are My Emails Being Marked as Spam?,
How to Obtain Email Headers.

FAQs #

Why does email spam rejection happen even if SPF passes? #

Because deliverability uses multiple signals: DKIM/DMARC alignment, sending reputation, blacklist status, and message content can still trigger spam filtering.

Should I use DMARC p=reject immediately? #

Not usually. Start with monitoring/quarantine while you confirm all your legitimate senders pass authentication. Tighten to reject only when stable.

What’s the fastest way to diagnose email spam rejection? #

Use Mail-Tester for a quick score, check authentication (SPF/DKIM/DMARC), and review email headers to confirm pass/fail results.