Why might emails from your website end up in Spam?

Don’t lose potential customers! You have put a lot of effort into converting your website visitors – make sure you don’t lose them at the final hurdle. Here are some basic and more advanced tips on how to ensure that emails from your website arrive correctly.

First – check your setup. Send a regular test email via your website and make sure it gets through. You might have several forms on your site so make sure you test them all. Keep it simple – minimise the number of forms, and the number of email addresses they go to.

Save the messages on your site – if you use a good form plugin, such as Gravity Forms, the submissions from your forms will be saved, so even if you lose or accidentally delete the email, the information is backed up.

Now for some more technical reasons why your emails might not be getting through. TL;DR: make sure you have correct SPF records and DKIM signing.

SPF records

Your domain should have an SPF record – this is a DNS record which sets out which servers are allowed to send email from your domain. A receiving server should check whether there is one and, if it exists, whether the server that sent the message is listed in it. Some receiving servers (particularly those of major providers) will reject mail from domains with no SPF record, and many will reject mail if the SPF record is incorrect. So – make sure you have an SPF record and that it is correct.
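A minimal SPF evaluation, added here as an example (not part of the original article), showing how a receiving server matches the sending IP against the record and how a missing or duplicated record shows up. The domains, IP addresses and the `TXT` lookup table are constructed sample data, and only the `ip4`, `ip6`, `include` and `all` mechanisms are handled.

```python
import ipaddress

# Constructed sample DNS TXT data; all names and addresses are placeholders.
TXT = {
    "example.com": ["v=spf1 ip4:203.0.113.10 include:_spf.mailhost.example -all"],
    "_spf.mailhost.example": ["v=spf1 ip4:198.51.100.0/24 ~all"],
    "nospf.example": ["some-other-txt-record=abc"],
    "twospf.example": ["v=spf1 -all", "v=spf1 ip4:203.0.113.10 -all"],
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(domain, sender_ip, depth=0):
    """Evaluate sender_ip against the SPF record published for domain."""
    records = [t for t in TXT.get(domain, []) if t.lower().split()[:1] == ["v=spf1"]]
    if not records:
        return "none"        # no SPF record published at all
    if len(records) > 1 or depth > 10:
        return "permerror"   # duplicate SPF records are invalid; also cap include nesting
    ip = ipaddress.ip_address(sender_ip)
    for term in records[0].split()[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        name, _, arg = term.lstrip("+-~?").partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            matched = ip.version == net.version and ip in net
        elif name == "include":
            inner = check_spf(arg, sender_ip, depth + 1)
            if inner in ("none", "permerror"):
                return "permerror"   # a broken include breaks the whole record
            matched = inner == "pass"
        else:
            raise NotImplementedError(term)  # a, mx, redirect etc. need live DNS
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"         # nothing matched and the record has no "all" term


if __name__ == "__main__":
    for dom, addr in [("example.com", "203.0.113.10"), ("example.com", "192.0.2.1"),
                      ("nospf.example", "192.0.2.1"), ("twospf.example", "203.0.113.10")]:
        print(dom, addr, check_spf(dom, addr))
```

If your website sends mail from an address that is not covered by the record (here `192.0.2.1`), the result is `fail`, which is the situation to look for when form emails go missing.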

DKIM signing

DKIM signing is a technical way to validate the origin of an email, and it’s required by the policy of certain major email providers (e.g. Google, Hotmail). So if your website emails are getting marked as spam or not getting through, you might need to ensure that they are signed with DKIM – ask your web host. Basic web hosting packages are unlikely to support DKIM signing – if you’re not sure, then please ask!

How does DKIM work?

DKIM signing is a cryptographic process that uses a public / private key pair. The private key is generated on the server (for example your web server) and it is used to create a digital signature over certain headers of any email (under your domain) sent from the server. The resulting signature is then added to the email as another header.

When the email is received, the receiving server cannot access the private key, but it can look up the corresponding public key, which has been added to the DNS for your domain. It uses this public key to check the signature in the added header against the headers of the message it received. If they match, then the DKIM test is passed. If not, it fails, and the email would be rejected.