Emails Getting Blocked? It’s Not Always What You Think.

,
Video Thumbnail: Emails Getting Blocked? It’s Not Always What You Think.

Why You’re Not Receiving Emails From Customers: SPF, DKIM and DMARC Explained

It’s a frustrating problem, and one that can cause missed enquiries, delayed jobs, lost sales, and confusion on both sides. We often hear from businesses wondering why customer emails are not arriving in their inbox, or why certain emails are being blocked by the spam filter.

In many cases, the first assumption is that the spam filter is too aggressive. But that is not always the real issue.

Often, the problem is actually on the sender’s side. We regularly come across businesses, including well-known companies, that have not configured their email properly. When that happens, their messages can look suspicious to modern email security systems, even when they are completely legitimate.

A lot of email issues come down to DNS records not being updated properly when a business changes IT providers, moves email platforms, adds a marketing tool, or starts sending emails from a website or application.

If your business relies on email for quotes, support, bookings, invoices, or customer communication, this should be something you should understand!

Why legitimate emails get blocked

Email providers such as Microsoft 365, Google, and other secure mail platforms do not just accept every incoming message at face value. They check whether the sender has properly authenticated their domain.That is because phishing, spoofing, business email compromise, and impersonation scams are extremely common. Spam filters are designed to protect your business from these threats, and they do that by checking something important called DNS records.

If those records are missing, invalid, or misconfigured, the receiving mail server may treat the email as suspicious. In some cases, it might send the message to junk. In other cases, it may reject the message completely before it even reaches your inbox.

The 3 main email authentication records

There are three main records that work together to improve email deliverability and help protect your domain from abuse.

1. SPF record (Sender Policy Framework.)

This record tells the internet which mail servers are allowed to send email on behalf of your domain. Think of it as a list of approved senders.

Without a valid SPF record, it becomes much easier for attackers to spoof your domain and pretend to send messages as your business. It also makes it harder for other mail servers to trust the messages you send.

A missing or incorrect SPF record can lead to emails being marked as spam, quarantined, or rejected.

2. DKIM record (DomainKeys Identified Mail.)

This adds a digital signature to your outgoing emails. That signature helps prove that the message genuinely came from your domain and was not altered in transit.

A simple way to think about it is like the sealing an envelope with wax in the old days. The receiver could see that it had not been tampered with. DKIM works in a similar way, but digitally.

If DKIM is not set up properly, your emails may fail authentication checks, which can hurt email delivery and trust.

3. DMARC record (Domain-based Message Authentication, Reporting and Conformance.)

This is the policy layer that tells receiving mail servers what to do when an email fails SPF or DKIM. For example, should it be allowed through, sent to junk, or rejected outright?

DMARC also helps domain owners monitor abuse and spot spoofing attempts by providing reporting capabilities.

Without DMARC, there is less control over how unauthenticated email claiming to be from your domain is handled.

Your spam filter may not be the problem

Sometimes people ask whether their spam filter should just be relaxed or bypassed. In most cases, that is the wrong fix.

If an email is failing SPF, DKIM, or DMARC, your spam filter is actually doing exactly what it is supposed to do.

That protection is there for a reason. It helps defend your business against phishing emails, email spoofing, impersonation attempts, and other cyber security threats.

We have had situations where customers asked for SPF or DKIM checks to be bypassed, but we strongly push back on that. We educated them that lowering their security to accommodate someone else’s broken email setup is not a good long-term solution or short term. Thankfully they had taken our advice.

The better approach is to fix the root cause, and sometimes that is emailing the recipient directly and telling them to let their IT team know that their emails are misconfigured.

Need help with SPF, DKIM or DMARC?

If you are not sure whether your domain is configured properly, or you are trying to work out why emails are going missing, it is worth getting it checked.

At Accel IT, we help businesses troubleshoot email delivery issues, review DNS records, and make sure email authentication is configured correctly. Whether it is a Microsoft 365 problem, spam filtering issue, or a domain authentication problem, we can help you get to the bottom of it.

If you think you are missing important emails, or want to make sure your email setup is secure and working properly, get in touch with the team at Accel IT.