Most cold email lands in spam for a few fixable reasons: missing or misaligned authentication (SPF, DKIM, DMARC), a new domain with no sending reputation, no one-click unsubscribe, high complaint rates, or spammy content and links. Since Gmail's November 2025 and Microsoft's May 2025 rules, non-compliant bulk mail is now rejected outright, not just foldered.
The causes split into reputation, authentication, compliance, and content. Reputation: a brand-new domain has no track record, so providers treat it cautiously and ramp trust slowly — sending high volume on day one looks like a spammer. Authentication: SPF, DKIM, and DMARC must all pass and align; a DKIM signature that doesn't match the From domain, or DMARC left at monitoring only, weakens trust. Compliance: bulk senders now need working one-click unsubscribe (RFC 8058) and must keep spam complaints low — Gmail's threshold guidance is to stay under 0.3%. Content: spammy phrasing, link shorteners, mismatched display names, and image-heavy mail with little text all push spam scoring up. Since the 2025 enforcement changes at Gmail and Microsoft, failing the authentication and compliance bar increasingly means hard rejection (a 5xx error), not a quiet trip to the spam folder — so the failure is visible and total. Fixing the root cause beats any attempt to mask it.