Common IT & cybersecurity questions

Why are our emails going to spam or being marked as spoofed?

If your legitimate emails keep landing in spam — or worse, your clients are receiving scam emails that appear to come from you — the cause is almost always your email authentication records: SPF, DKIM and DMARC. These are DNS settings that prove an email genuinely came from your domain, and getting them right fixes both problems at once.

What these three records do

  • SPF (Sender Policy Framework) lists which mail servers are allowed to send email for your domain.
  • DKIM (DomainKeys Identified Mail) adds a cryptographic signature proving an email wasn't tampered with in transit.
  • DMARC tells receiving servers what to do with mail that fails those checks — and gives you reporting so you can see who is sending as you.

Why it matters more than ever

Microsoft and Google now actively enforce these standards. If your records are missing or misconfigured, two things happen: your genuine email gets treated as suspicious and filtered to spam, and — more dangerously — scammers find it easy to spoof your domain to phish your clients and suppliers, trading on your good name.

Common causes we see

  • A new email marketing tool, CRM or invoicing system added without updating SPF.
  • A DKIM record that was never set up when the domain was configured.
  • No DMARC policy at all, leaving the domain wide open to spoofing.

The fix

The solution is to configure SPF, DKIM and a sensible DMARC policy correctly for your specific domain and mail platform, then monitor the DMARC reports and tighten the policy over time. It is one of the first things we check and correct for new clients, because it protects both your deliverability and your reputation. If your email is going astray, call (08) 9325 1196 and we will diagnose it.

Still have a question?

Talk to a Perth-based IT specialist — a free, no-obligation chat about your setup.

Related questions