Authentication signals
SPF, DKIM, and DMARC help receivers evaluate whether a message is authorised by the domain it claims to represent. These checks are important, but they are only part of the decision.
Reputation and behaviour
Receivers look at sending IP reputation, domain history, volume patterns, retry behaviour, blocklists, complaint signals, and sudden changes in traffic.
Content and policy
Spam scoring, malware scanning, attachment rules, URL checks, allowlists, denylists, and organisation policy all shape the final handling of a message.
Examples
Legitimate mail with weak signals
A message may be wanted by the recipient but still look risky if SPF fails, DKIM is missing, the sending IP is new, and the content contains suspicious links.
Quarantine rather than reject
Many organisations quarantine uncertain messages instead of rejecting them. This gives administrators a chance to review borderline mail while keeping it away from users.
Common issues
- Assuming SPF, DKIM, or DMARC alone guarantees inbox placement.
- Overly aggressive filters that reject legitimate password resets, invoices, or customer replies.
- Allowlisting entire domains when only a specific sender or system should be trusted.
- Not reviewing quarantine patterns, which can hide recurring false positives.
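The sketch below is an added example, not code from any particular mail filter. It shows how authentication, reputation, and content signals can combine into a deliver, quarantine, or reject decision, with an allowlist scoped to one authenticated sender rather than a whole domain. The weights, thresholds, score scales, addresses, and the Message fields are all constructed assumptions, and the parser keeps only one result per method.

```python
import re
from dataclasses import dataclass

QUARANTINE_AT, REJECT_AT = 5.0, 10.0   # constructed thresholds, tune per organisation
WEIGHTS = {"spf": 1.5, "dkim": 1.5, "dmarc": 2.0}  # constructed penalties for a non-pass
# Scoped allowlist: exact sender address paired with the DKIM domain that must pass.
ALLOWLIST = {("billing@vendor.example", "vendor.example")}

@dataclass
class Message:
    sender: str           # From: address
    auth_results: str     # Authentication-Results value written by our own edge MTA
    ip_reputation: float  # 0.0 (bad) to 1.0 (good); 0.5 for an unknown, new IP
    content_score: float  # spam/URL score from a content scanner (hypothetical scale)
    malware: bool = False

def parse_auth(header):
    """Extract spf/dkim/dmarc results and the DKIM signing domain (header.d)."""
    auth = {m.lower(): r.lower()
            for m, r in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header, re.I)}
    d = re.search(r"\bheader\.d=([\w.-]+)", header, re.I)
    auth["dkim_domain"] = d.group(1).lower() if d else None
    return auth

def decide(msg):
    """Return (action, reasons) where action is deliver, quarantine or reject."""
    if msg.malware:                        # policy verdicts override everything
        return "reject", ["malware"]
    auth = parse_auth(msg.auth_results)
    # The allowlist applies only to an authenticated, exact sender, never a bare domain.
    if auth.get("dkim") == "pass" and \
            (msg.sender.lower(), auth["dkim_domain"]) in ALLOWLIST:
        return "deliver", ["scoped allowlist"]
    score, reasons = msg.content_score, [f"content={msg.content_score}"]
    for method, weight in WEIGHTS.items():
        result = auth.get(method, "none")
        if result != "pass":               # authentication is one input, not the verdict
            score += weight
            reasons.append(f"{method}={result}")
    score += (1.0 - msg.ip_reputation) * 3.0
    reasons.append(f"score={score:.1f}")
    if score >= REJECT_AT:
        return "reject", reasons
    return ("quarantine" if score >= QUARANTINE_AT else "deliver"), reasons

# Constructed sample: wanted mail with weak signals lands in quarantine, not the bin.
weak = Message("orders@shop.example",
               "mx.example.net; spf=fail; dkim=none; dmarc=fail", 0.5, 2.0)
print(decide(weak))
```

The returned reasons list is what makes quarantine review useful: recurring false positives show up as the same reasons repeating for the same sender.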