Back to Blog
emaildeliverabilityresenddnsforensics

Emails Going to Spam? It Might Not Be Authentication (Simply Explained)

A plain-language guide to emails going to spam. No jargon, no tech speak, just what it means for your business.

By Mike Hodgen

Want the full technical deep dive? Read the detailed version

When Your Order Confirmations Disappear Into Spam

I run about a dozen projects through one email system. My DTC fashion brand, a few client apps, some internal tools. For a long time, emails just worked. Then they didn't.

Complaints started piling up. Order confirmations going to spam. Password resets buried in junk. Customers swearing they never got emails I knew we sent.

Here's why this matters if you run a business. A customer who never sees their order confirmation thinks the order failed. So they reorder, or open a support ticket, or file a chargeback. Every one of those costs you money and trust. A password reset stuck in spam means a locked-out customer who gives up instead of coming back.

Emails going to spam is not a small annoyance. It's a quiet leak in your revenue. And the worst part is your email dashboard says everything is fine. It shows "delivered" in green. Technically true. The email was delivered straight into a folder nobody opens.

Why Everyone Blames the Wrong Thing First

When emails go to spam, everybody points to the same culprit first. There are three behind-the-scenes settings (with ugly names like SPF, DKIM, and DMARC) that prove your email is really from you and not some scammer pretending to be you.

Think of them like the ID check at the door of a club. They confirm you are who you say you are.

These are the first things everyone checks, for a good reason. They're easy to test, and there are free tools that grade them in seconds. So that's where I started too. For about an hour.

It was the wrong place to start. My settings were fine. They'd been fine the whole time.

I've watched this play out with clients before they hired me. Someone gets paid to fix the spam problem, runs the ID check, sees a tiny warning, and burns a week "fixing" settings that already worked. Emails still go to spam. So they tweak again. The CEO is paying real money for changes that do nothing.

Here's what nobody says clearly. Passing the ID check gets you in the door. It does not guarantee you a good seat. A spam filter can confirm you're legit and still decide your email looks like junk.

How I Proved the Settings Were Fine

I don't trust email dashboards. They tell you what the system thinks it did, not what actually landed in someone's inbox.

So I sent a test email to my own account and read the real, behind-the-scenes details of the message that arrived. All three ID checks passed. Confirmed, not "probably."

Then I ran the email through two independent testing tools. They scored it 8.9 out of 10 and 9.5 out of 10. Strong scores, no red flags.

Last, I checked whether my email address was on any "bad sender" lists, the blacklists that filters consult before letting mail through. There are about two dozen big ones. I was clean on 22 of 23. The one hit was a minor list nobody pays attention to.

Three separate sources, all saying the same thing. The ID check was fine. My reputation was fine. If I'd kept fiddling with those settings, I'd have just been charging for a show.

The problem had to be inside the email itself. So I opened it up and looked.

The Real Culprit: Email Tracking

Most email tools offer "tracking." You flip a toggle and suddenly you can see who opened your email and what links they clicked. Marketing folks love it. I'd had it switched on for years and never questioned it.

Here's what that toggle actually does to your email.

To track opens, it hides a tiny invisible image in your email. When someone opens the message, their email program quietly fetches that image, and that counts as an "open."

To track clicks, it rewrites every link in your email. Instead of pointing straight to your website, each link first detours through a tracking address that records the click, then redirects.

Now look at that email through a spam filter's eyes. It sees a hidden invisible image and every link routing through one detour address instead of going where it claims.

That is the exact fingerprint of a phishing scam. The whole point of phishing is to hide where links really go and use invisible tricks to know if you took the bait. Spam filters are built specifically to catch this pattern.

So the features designed to measure how my emails performed were making legitimate, properly-authenticated emails look like scams. The better my tracking setup, the more my email looked like the exact thing filters hunt for.

The Fix (and the Trap That Cost Me Two Hours)

The fix is simple. Turn off open tracking and click tracking.

For order confirmations and password resets, this is an easy call. Nobody is A/B testing the subject line of a receipt. The tracking was pure downside.

But here's the trap. When I switched tracking off, the system confirmed success. Green checkmark. Done.

Except the change hadn't actually taken effect yet. For a window of time after the system says "done," your emails are still going out with the tracking baked in.

So I sent another test and looked at the actual email. The hidden image was still there. The setting said off. The real email said on. If I'd trusted that green checkmark, I'd have declared victory while customers kept landing in spam.

This is a lesson I run into constantly. Trust the output, not the status light. A green checkmark is a claim. The actual email is the proof. I waited, sent again, checked again, and this time the tracking was gone. Then I knew it was fixed.

The tradeoff: you lose open and click data. For receipts and resets, you never needed it anyway. For real marketing campaigns it's a judgment call, and you can keep tracking on a separate setup kept far away from your important mail.

Why the Obvious Answer Is Often the Expensive Wrong One

Step back and you see the pattern. The loud, well-documented suspect was innocent. The real cause was a feature nobody thought to question, because it was supposed to be there. It was doing exactly its job. Its job just happened to look like fraud.

This is the work I actually do. Not charging you to re-tighten settings that already work, but digging into the real system to find the thing nobody thought to check.

I find these problems because they cost me first. I run a real fashion brand and real client systems on this stuff. When my order confirmations go to spam, that's my revenue on the line, so I dig until I find the actual cause instead of the comfortable one.

If your emails are going to spam, or your software is flashing green checkmarks while something underneath quietly fails, let me take a look. I'd rather find the real problem than bill you for the obvious wrong one.

Want to explore what AI could do for your business?

Book a free 30-minute strategy call. No pitch deck, no sales team, just a real conversation about your operations and where AI fits.

Book a Discovery Call

Get AI insights for business leaders

Practical AI strategy from someone who built the systems — not just studied them. No spam, no fluff.

Ready to automate your growth?

Book a free 30-minute strategy call with Hodgen.AI.

Book a Strategy Call