Your Emails Are Going to Spam Right Now. You Just Don't Know It Yet.
James runs a commercial cleaning company in Glasgow. For nine months, every proposal he sent to office managers and facilities directors landed in their spam folders. He only discovered it when a client he'd been chasing for six weeks mentioned, almost apologetically, that she'd found his email "by accident." She almost missed it entirely. So did 21% of his revenue.
The Silent Revenue Killer
Here's what actually happened to James. His domain — cleaningscotland.co.uk — had been set up by a web developer three years ago. The developer built a nice WordPress site, configured the hosting, and moved on. Nobody configured email authentication. Nobody mentioned it needed doing. The site worked. The emails sent. Everything looked fine.
Meanwhile, every proposal James sent to a Gmail or Outlook address was being silently routed to spam. Not bounced. Not rejected with an error message. Just... delivered to a folder nobody checks. His open rate wasn't low because his subject lines were bad. It was low because his emails were never seen.
This is not a rare edge case. Over one in five legitimate business emails suffers the same fate. If your domain was set up by a web developer who didn't specifically configure SPF, DKIM, and DMARC — and most weren't — your emails are probably going to spam right now.2
What Changed: Google and Yahoo Moved the Goalposts
In February 2024, two companies that collectively process over 50% of the world's business email made a quiet change with enormous consequences. Google and Yahoo began requiring email authentication for anyone sending more than 5,000 messages per day. By late 2024, the requirement had effectively expanded to all business senders — regardless of volume. If your domain doesn't have proper SPF, DKIM, and DMARC records, your email deliverability is degrading every month.1
This wasn't announced with fanfare. Most business owners have no idea it happened. Their emails still send — they just don't arrive. The problem is invisible until someone tells you. And most people won't. They'll just assume you didn't reply.
The Real Cost of Doing Nothing
Let's quantify what James lost. He sends roughly 80 proposals per month — to prospective clients, existing customers with renewal quotes, and partners. At a conservative 30% response rate on properly delivered email, he should have been getting 24 responses a month. Instead, with 21% of his emails never reaching the inbox, he was losing 5 responses a month. Five conversations that never started. Five opportunities that evaporated silently.
His average contract value is £1,800. Five lost conversations per month, over nine months, at a 40% close rate: £32,400 in missed revenue. From three missing DNS records that take two hours to configure.
Now run the same calculation for your business. How many emails do you send per month? To clients? To prospects? To partners? What's a conversation worth to you? What's a lost conversation costing you?
📧 How much revenue is your email setup silently costing you? We'll check in 30 seconds.
Free Email Audit →"Email Isn't My Biggest Problem Right Now"
We hear this a lot. And we understand why — when you're running a business, fires burn everywhere. Staffing. Cash flow. Customer complaints. Email authentication sounds like a technical nice-to-have, not a revenue priority.
Here's the thing: email IS a revenue problem. If 21% of your outbound emails never reach their destination, and your business generates leads through email — proposals, quotes, follow-ups, invoices — then you're losing roughly 21% of the revenue those emails would generate. That's not a technical problem. That's a sales pipeline problem disguised as a technical one.
For James, 21% of 80 proposals per month meant 5 lost conversations. At £1,800 average contract value and a 40% close rate, that's £3,600 per month in revenue that simply evaporated. He had no idea. The fix took two hours.
Ask yourself: if someone told you that one in five of your sales calls never connected, would you consider that a priority? This is the same thing. You just can't hear the silence.
The Three Records: What They Are, What They Do, and Why Yours Are Probably Missing
We're going to explain exactly what SPF, DKIM, and DMARC are. Not in abstract technical terms — in terms of what happens when they're missing, and what changes when they're in place. Because if you're going to fix this, you should understand what you're fixing and why it matters.
SPF: Who's Allowed to Send From Your Name
SPF (Sender Policy Framework) is a TXT record in your DNS that lists which servers are authorised to send email from your domain. Think of it as a guest list at a private event. Without SPF, anyone can walk in wearing your name tag. Spammers can — and do — send email that appears to come from your domain. When receiving servers see mail claiming to be from @yourcompany.com coming from an IP address not on your SPF list, they flag it. Repeated flags damage your domain's sending reputation. Eventually, all your email gets treated as suspicious — including the legitimate ones.3
A properly configured SPF record looks like this: v=spf1 ip4:YOUR_SERVER_IP include:your-email-provider.com -all. The -all at the end is critical — it tells receiving servers to reject anything not explicitly authorised. Most default setups use ~all (soft fail — "let it through but mark it") which provides almost no protection.
DKIM: Proving Your Email Hasn't Been Tampered With
DKIM (DomainKeys Identified Mail) is a cryptographic signature attached to every email you send. It proves two things: that the email genuinely came from your domain, and that nobody modified its contents in transit. Without DKIM, a malicious actor between your server and the recipient's server could alter your email — change the bank details on an invoice, for example — and nobody would know.3
Setting up DKIM requires generating a public/private key pair, publishing the public key as a DNS TXT record, and configuring your mail server to sign outgoing messages with the private key. This is the step most businesses miss — it requires both DNS access and mail server configuration, and most web developers never touch it.
DMARC: The Enforcement Mechanism
DMARC (Domain-based Message Authentication, Reporting, and Conformance) ties SPF and DKIM together and tells receiving servers what to do when either check fails. Without DMARC, even if you have SPF and DKIM configured, receiving servers are free to make their own decisions — and they default to leniency, which means spam folders.2
DMARC operates in three modes: none (monitor only — collect data, don't block anything), quarantine (send failures to spam), and reject (block delivery entirely). The recommended progression: start at p=none, monitor for a month to ensure legitimate email passes, then graduate to p=reject. At reject, your domain can no longer be spoofed. Period.
What Changes When All Three Are in Place
Twenty-four hours after configuring SPF, DKIM, and DMARC correctly, your emails stop landing in spam folders. Your domain reputation begins to recover. Within a week, Gmail and Outlook treat your domain as authenticated. Within a month, your deliverability rate approaches 99%. You stop losing conversations you didn't know you were losing.
🛡️ Does your domain have all three? Most don't. We'll check in 30 seconds — free.
Check My Domain →"I Can Do This Myself" / "My Developer Can Handle It"
You're right — you can. SPF, DKIM, and DMARC are DNS records. Anyone with access to their domain's DNS settings can configure them. If you're comfortable generating cryptographic key pairs, editing TXT records, configuring mail server signing, setting up DMARC reporting, and testing deliverability across multiple email providers — go for it. Budget 7-10 hours if you've never done it before, plus the risk of breaking your email if you get a record wrong.
As for your web developer: most don't do this. Email authentication isn't part of a standard website build. Your developer built your site, configured your hosting, and moved on. If they had set up SPF, DKIM, and DMARC, you wouldn't have the problem you're reading about right now. We audit business domains daily. The vast majority have either no records, partial SPF with the weak ~all flag, or no DKIM at all. Your developer probably didn't set this up — not because they're bad at their job, but because it was never part of the brief.
The question isn't whether you can do it yourself. It's whether 7-10 hours of your time — plus the risk of getting it wrong — is worth more or less than £297 and a guarantee it works.
The Strategic Framework: How to Think About Email Authentication
We've now established what's broken, what it costs, and what fixes it. The remaining question is: how do you actually approach this? Here's the framework we use with every client. It takes two hours. It costs £297. And once configured, the records don't expire — this is a set-and-forget fix. No ongoing maintenance. No subscription. Your domain is permanently authenticated.
- Audit your current setup. We run a diagnostic on your domain. Which records exist? Which are properly configured? Which are missing entirely? Most domains we check have partial SPF, no DKIM, and no DMARC. The diagnosis takes 30 seconds. The list of gaps takes another 30.
- Configure SPF correctly. Not the default
~allsoft-fail that your hosting company set up. A proper-allhard-fail that actually protects your domain. This requires knowing every service that sends email on your behalf — your mail server, your CRM, your invoicing system, your marketing platform. We identify them all and authorise only them. - Generate and publish DKIM keys. We create a 2048-bit RSA key pair, publish the public key in your DNS, and configure your mail server to sign every outgoing message. This step alone eliminates the most common reason business email goes to spam.
- Deploy DMARC with reporting. We start at
p=none— monitor mode. For 30 days, we collect reports showing exactly who is sending email from your domain, from which IPs, and whether SPF/DKIM checks pass or fail. At the end of the monitoring period, we graduate top=reject. Your domain can no longer be spoofed. - Verify deliverability across providers. We test against Gmail, Outlook, Yahoo, and ProtonMail. We confirm your emails land in the primary inbox — not promotions, not spam, not silently discarded. We send you the results. If anything fails, we fix it before we close the case.
There's a Simpler Option: We Do It in Two Hours
"We Use Microsoft 365 / Google Workspace — They Handle This"
They don't. Microsoft 365 and Google Workspace provide the infrastructure for sending and receiving email — the servers, the inbox, the interface. They do not configure your domain's DNS records. SPF, DKIM, and DMARC live in your domain's DNS settings, which are typically managed by your domain registrar or hosting provider — not by Microsoft or Google.
Here's the quick test: go to MXToolbox and run an SPF check on your domain. If the result is "No SPF Record Found" or shows ~all (soft fail), Microsoft 365 hasn't configured it for you. Similarly, check DKIM — if you haven't explicitly generated keys and published them as DNS records, you don't have DKIM. Google Workspace provides a DKIM key generator, but you still have to use it, copy the key, and add it to your DNS. Most businesses never do this step.
Your email platform handles the infrastructure. Your DNS handles the authentication. They're separate things. One doesn't configure the other.
You could do all of this yourself.
| What You'd Need | Time | DIY Cost |
|---|---|---|
| Learn DNS record syntax + mail authentication standards | 3-4 hours | Your time |
| Access and modify DNS records (correctly — mistakes break email) | 1-2 hours | Risk of downtime |
| Generate DKIM keys + configure mail server signing | 1-2 hours | Technical complexity |
| Configure DMARC + set up reporting | 1 hour | Your time |
| Test deliverability across providers | 30 minutes | Your time |
| Total | 7-10 hours | ~£400-800 (your time) + risk |
Or we do it in two hours for £297. Here's the trade:
| What You Get (Sovael) | What You Trade (£297) |
|---|---|
| Complete SPF/DKIM/DMARC audit + configuration | Less than the cost of one lost client contract |
| Deliverability verified across Gmail, Outlook, Yahoo, ProtonMail | About the same as three months of a cheap marketing tool |
| 30-day DMARC monitoring + graduated enforcement | Permanent. No subscription. No recurring fees. |
| Your domain reputation recovers. Emails land in inboxes. | The alternative: your emails keep going to spam. You keep losing revenue you don't know you're losing. |
This is not a negotiation about price. It's a decision about whether you want your emails to arrive or not. The price is £297. The cost of doing nothing — as James discovered — is measured in thousands.
📧 £297. Two hours. Your emails land in inboxes. Permanent. No subscription.
Fix My Email →What Happens After Your Email Works
Once your domain is authenticated and your emails reliably reach inboxes, something interesting happens. Your open rates recover. Your response rates recover. The conversations you didn't know you were missing start happening again. But more than that: your domain now has a sending reputation. Email providers track this over time. A domain with proper authentication that consistently sends legitimate email earns trust. That trust compounds. Your future emails are delivered faster, ranked higher, and treated with the presumption of legitimacy rather than suspicion.
From Email Authentication to Business Operating System
Here's where the broader picture comes in. James didn't just have an email problem. He had a business communication blind spot — one of many that small business owners accumulate because they're running everything themselves. His email went to spam. His phone rang unanswered after hours. His WhatsApp was personal, not business. His follow-ups were manual. His invoices were sent and forgotten.
Fixing email authentication is step one. But the reason this problem existed in the first place is that James's business lacked a unified intelligence layer — a single system that ensures every customer communication channel works, reliably, automatically, and verifiably. When your email is authenticated, we connect it to the Sovael AI agent. Now your business sends and receives email, WhatsApp, and voice through one platform. Proposals go out automatically. Follow-ups happen on schedule. Payment reminders send when they're due. And every communication — every single one — arrives. Because the infrastructure is solid, and the intelligence layer makes sure nothing falls through the cracks.
One domain. One reputation. One operating system. Zero spam folder.
References
- Markana Media — "Email Deliverability Checklist: SPF, DKIM & DMARC (2026)" — April 2026
- Mailbird — "Email Authentication Crisis 2026: Why Emails Fail & How to Fix Them" — February 2026
- GetSliq — "How to Fix Email Deliverability with SPF, DKIM, and DMARC" — April 2026