Sydney IT

Email deliverability · blacklists · every mail provider

Emails going to spam? Treat it like an incident.

Here's the short version: when business email suddenly starts landing in spam or bouncing back, your domain or your sending server has almost certainly been put on a blocklist. The removal form is the easy part. What matters is working out why you were listed, because if you skip that and just request delisting, you'll be back on the list inside a week, and second listings are harder to shift. Find the cause, fix it, then delist. In that order.

Step 1 · Diagnose

Work out the blast radius first.

Five minutes of diagnosis here saves days of guessing later.

First question: is mail failing to one place, or everywhere? If one customer's company never sees your email but everyone else does, that's probably their spam filter, and a polite request to their IT to allow your domain fixes it. If Gmail, Outlook and your suppliers all started binning your mail in the same week, you're on a list. Different problems, different fixes, so settle this before touching anything.

Second: read the actual bounce messages, don't just delete them. Most rejections name the blocklist that triggered them, and many include a link to your listing. Then look up your domain and your sending IP address on the major public blocklists; each runs a free checker. Check Spamhaus first, because so much of the world's mail filtering leans on its data. A listing there explains a sudden drop everywhere at once.

  • One recipient only. Their filter, not a blacklist. Ask their IT to allow your domain and move on.
  • Everyone at once. You're listed. Stop resending and start finding the cause.
  • Bounces are evidence. They usually name the list and the reason. Keep them, don't bin them.
  • Check both. Your domain and your sending IP can be listed separately. Look up each one.
Step 2 · The cause

Why you got listed.

Blocklists don't list you for nothing. Something sent spam from your name or your connection. Five causes cover nearly every case.

ACCT

A compromised mailbox

The most common cause by a mile. Someone's password was phished and their account has been quietly firing out thousands of spam emails. Check Sent Items for mail nobody remembers sending and review the account's recent sign-in activity. Rotate the password and turn on multi-factor authentication before you do anything else.

BULK

A marketing blast

A newsletter to a big old list, sent all at once. Enough recipients mark it as spam, or enough dead addresses bounce, and the blocklists take notice. If the listing landed the day after a send, you have your answer.

PC

An infected machine

A computer in the office running malware that sends spam in the background. Everything looks normal at the desk while your connection's reputation burns. Scan every machine, and don't stop at the first infection you find.

HOST

Bad hosting neighbours

On cheap shared hosting, your website sends mail from the same server as hundreds of strangers. One of them spams, the shared IP gets listed, and you're taken down with it. You did nothing wrong, and it will keep happening until your mail moves somewhere reputable.

AUTH

Missing authentication

No SPF, DKIM or DMARC on your domain means receivers can't tell your real mail from a forgery. Spammers forge unprotected domains constantly, and the mess lands on your reputation. Step 3 closes that door.

Step 3 · Authentication

SPF, DKIM and DMARC, in plain English.

Three DNS records that prove your mail is really yours. Gmail and Yahoo now demand them from bulk senders, and mail without them is treated as spam-suspect by default. Ten years ago they were optional. They aren't any more.

SPF

The approved sender list

A public record listing which servers are allowed to send email for your domain. Receivers check it on every message, and mail from anywhere else fails the test. It proves the message left a server you approved.

DKIM

The tamper-proof seal

Your mail server signs each outgoing message, and the receiver checks that signature against a public key in your DNS. It proves the message really came from your domain and nobody altered it on the way.

DMARC

The instructions

A policy that tells receivers what to do when a message fails the other two checks: deliver it, quarantine it or reject it, and where to send the reports. It proves you take forgery of your own name seriously, and receivers reward that.

Step 4 · Delist

Request removal only after the cause is dead.

Every major blocklist runs a removal process, and for standard delisting the big ones don't charge. You look up your listing, it tells you roughly why you're on there, you confirm the problem is fixed and you request removal. If the spam has genuinely stopped, removal usually goes through quickly. If it hasn't, you'll be relisted within days, and lists remember repeat offenders. That's why cause first, form second is the whole game.

One warning while you're searching: you'll find paid "blacklist removal services" promising fast delisting. Most of them fill in the same free form you could, without fixing anything, and charge you for the privilege. If someone guarantees removal for a fee before they've even asked what caused the listing, close the tab.

Step 5 · Recover

Rebuild the reputation, gently.

Delisting unlocks the door. Reputation is what keeps it open. Mail providers score senders continuously, and a domain fresh off a blocklist is on thin ice, so don't celebrate by blasting your whole database. Resume normal one-to-one sending first, then ramp any bulk mail back up gradually over a couple of weeks.

Keep the list clean while you do it. Remove addresses that bounce, drop people who never open, and never send to a purchased list. Bought lists are stuffed with dead addresses and spam traps, addresses that exist purely to catch senders who never had permission. One purchased-list send can undo the whole recovery.

The honest bit

What a week on a blocklist actually costs.

While you're listed, the quotes you email don't arrive, the invoices don't get seen, and customers quietly conclude you're ignoring them. Nobody rings to tell you your mail went to spam. They just stop replying, and you find out weeks later when the awkward "did you get my email?" conversations start.

Then comes the workaround damage: staff start sending from personal accounts to get around it, which looks unprofessional and scatters business records across mailboxes you don't control. A listing that takes a day to fix properly can cost weeks of missed work if it's left to drift. Treat it with the urgency of the phones going down, because that's exactly what it is.

Common questions

Good to know

Why are my emails suddenly going to spam?

Almost always because your domain or the server that sends your mail has been added to a blocklist, a shared database of senders flagged for spamming. Mail providers check those lists on every delivery. Nobody warns you when you're added; the first sign is customers not replying and bounce messages piling up.

How do I find out which blacklist my domain is on?

Read the bounce messages first. They usually name the list that rejected you and often include a link to your listing. Then look up your domain and your sending IP address on the free checkers the major public blocklists run. Check Spamhaus first, because so much of the world's mail filtering leans on its data.

Can I just request delisting straight away?

You can, but if the cause is still live you'll be relisted within days, and lists remember repeat offenders. Delisting only sticks once the spam has actually stopped. Find the cause, fix it, then request removal. Done in that order, it usually goes through the first time.

Should I pay a delisting service to get removed?

No. The major blocklists don't charge for standard delisting, and most paid removal services just fill in the same free form you could, without fixing anything. You get relisted and you're out the fee as well. Put that effort into finding the cause instead.

What are SPF, DKIM and DMARC?

Three DNS records that prove your email is genuine. SPF lists the servers allowed to send for your domain, DKIM puts a tamper-proof signature on every message, and DMARC tells receivers what to do with mail that fails those checks. The big mail providers now expect all three, and mail without them is treated as spam-suspect by default.

How long does email reputation take to recover?

Delisting itself is often processed within a day or two once the cause is genuinely fixed. Reputation takes longer. Expect days to a few weeks of normal, clean sending before spam folder placement settles down. Ramp bulk mail back up gradually and keep your lists clean, and it recovers faster.

Explore the services

Get in touch

Want your email landing in inboxes again?