Your emails are probably landing in spam more often than you realize. You don’t see it. The recipients don’t complain because they never saw the message. You just notice the open rates dropping and wonder what changed.
A lot changed.
Gmail started enforcing stricter authentication rules in November 2025, moving from warnings to outright rejections for bulk senders who didn’t comply. Microsoft followed with similar requirements effective May 2025. Yahoo tightened its filters too. The email ecosystem shifted in ways that punish senders who haven’t kept up, and the margin for error has gotten uncomfortably thin.
The Numbers Tell a Rough Story
Global inbox placement hovers around 83-84%, according to data compiled by MailReach. That means roughly one in six emails never reaches the inbox at all. Some get flagged as spam. Some simply vanish, marked as “missing” in deliverability reports, never delivered or bounced.
The variation across providers is striking. Gmail sits at about 87% inbox placement. Yahoo is around 86%. Microsoft properties like Outlook and Hotmail? Just 75.6%, with spam rates exceeding 14%. That’s the highest spam rate among major providers.
And 2025 made things worse before they got better. GlockApps tracked inbox placement rates across ESPs and found steep declines in Q1 2025 compared to the year before. Mailgun dropped from 53.8% to 26%. Mailchimp fell from 51.9% to 32.3%. Amazon SES went from 54.9% to 40.3%. These weren’t small dips. These were crashes.
By Q4, things recovered somewhat, especially for high-volume senders. Gmail inbox placement for senders moving over a million emails monthly jumped 20% compared to earlier quarters. But the message was clear: the filtering has gotten more aggressive, and only senders who adapted thrived.
Authentication Is No Longer Optional
Three authentication protocols determine whether your emails get through. SPF, DKIM, and DMARC. If those acronyms mean nothing to you, they need to.
SPF tells receiving servers which mail servers can legitimately send email from your domain. DKIM adds a cryptographic signature proving the email hasn’t been tampered with and actually came from you. DMARC builds on both, telling receivers what to do when emails fail authentication: reject them, quarantine them, or let them through anyway.
As of 2025, major providers require all three for bulk senders. Google and Yahoo made them mandatory for anyone sending over 5,000 emails daily. Microsoft joined in May 2025, explicitly stating that non-compliant mail would be rejected outright, not just filtered to junk.
The impact of compliance is measurable. Fully authenticated senders are 2.7 times more likely to reach inboxes than unauthenticated ones, per Validity’s benchmark data.
One Hacker News commenter put it bluntly: “Google states that the new requirements are mandatory only when you send at least 5000 messages per day. This is a lie.” In practice, smaller senders face filtering too. The thresholds are guidelines, not guarantees.
Domain Reputation Matters More Than You Think
Authentication gets your foot in the door. Reputation determines whether you’re welcome.
Email providers track your sending behavior over time. High bounce rates hurt you. Spam complaints destroy you. Low engagement quietly erodes your standing. A domain with poor reputation will land in spam even with perfect authentication.
The MailChannels CEO explained the dynamic on Hacker News: “if you send email from your own IP, it doesn’t take much for a receiver to pull the trigger and block you.” Shared IPs offer some protection through volume diversity, but your domain reputation follows you regardless of infrastructure.
New domains need warming. You can’t buy a domain today and blast 50,000 emails tomorrow. Start with 20-50 daily sends, gradually increasing over weeks. Send to engaged subscribers first. Build positive signals before testing the system’s patience.
The same applies to IP addresses. Reputation follows behavior, and sudden spikes in volume trigger scrutiny. A practical observation from one HN user: “The mistakes can be numerous: bad setup like broken DKIM, bad sending parameters like opening too many connections by IP to a given provider.”
Spam Complaints Kill Faster Than Anything Else
Google and Yahoo require spam complaint rates below 0.3%. The ideal target is under 0.1%. That’s one complaint per thousand emails.
For a 10,000-person list, you get 10 complaints before problems start. Not much room.
Complaints come from irrelevant content, unexpected emails, frequency mismatches, and difficult unsubscribe processes. They also come from misleading subject lines, which is where AI-assisted content creation can inadvertently cause trouble.
A Hacker News discussion about email deliverability captured the nuance well. One user noted: “It should be 1 click, with links at the top and bottom of the message. Do it in real-time, not in ‘24-72 hours.’” Every friction point in unsubscribing increases the chance someone hits the spam button instead.
AI Content and the Spam Filter Arms Race
AI-generated emails create new challenges. The content itself can trigger filters, and the scale AI enables amplifies every mistake.
Research from the ScienceDirect journal on AI email security found that 82.6% of phishing emails analyzed between September 2024 and February 2025 contained AI-generated content. Spam filters know this. They’re training to detect it.
Gmail and Microsoft now use large language models to identify unnatural tone, repeated patterns, and mass-generated templates. The very efficiency that makes AI attractive for email creation also makes AI content easier to fingerprint at scale.
A Hacker News thread discussing AI-generated outreach emails surfaced a telling observation. One commenter pointed out: “People who detected AI generation likely just didn’t bother replying to the sender.” The absence of complaints doesn’t mean the absence of detection.
The practical implications: vary your AI output, edit for uniqueness, avoid sending thousands of emails with identical structures. AI-generated content that looks templated gets treated like templates. And templates trigger filters.
Content That Gets Through
Beyond AI-specific concerns, certain content patterns reliably cause problems.
Excessive exclamation points trigger filters. ALL CAPS words do too. Spam-trigger phrases like “FREE,” “URGENT,” and “LIMITED TIME” haven’t lost their reputation. Too many links raise suspicion. Poor text-to-image ratios, especially image-only emails, get flagged.
Subject lines matter disproportionately. According to Omnisend research, 69% of users report email as spam based on subject line alone. They never even open the message before deciding it’s junk.
One deliverability discussion on HN made an important distinction: “Most spam signals are based on behavior and reputation rather than content. Gmail in particular is capable of reclassifying messages.” But content still matters, especially with Microsoft. The same thread noted: “Outlook seems to pay significant weight to the content of the email, possibly as much as or even more than the sender.”
Testing Before You Send
Measuring deliverability accurately is surprisingly difficult.
One Hacker News user captured the core problem: “if you test deliverability on email accounts where you have already whitelisted the sender, of course it’s going to look like email is delivered.” Self-testing with accounts that have replied to your emails before tells you nothing about how new recipients experience your sends.
The same discussion included a practical workaround: “I initially got placed in spam too in Gmail/Outlook but I always replied to my own emails and marked them as ‘Not Spam.’” That trains filters for individual accounts but doesn’t reflect broad deliverability.
Proper testing requires seed accounts across major providers, accounts that have never interacted with your domain before. Tools like GlockApps and MailerCheck provide this. Google Postmaster Tools shows your domain reputation specifically for Gmail. Microsoft SNDS covers Outlook and Hotmail.
Volume and Timing
AI makes sending more email easier. That’s not always good.
The capacity to generate 300 personalized emails per sales rep per day exists now. But infrastructure and reputation must scale alongside volume. A domain warmed for 100 daily sends will struggle at 1,000. A new IP address handling sudden high volume looks exactly like a spam operation.
Scale deliberately. Monitor metrics at each volume level. Pull back at the first sign of trouble.
The recommended ceiling for cold email is around 100 sends per day per inbox. Marketing emails to opted-in subscribers can go higher, but even there, gradual increases beat aggressive scaling. Inbox providers track velocity. They notice when sending patterns change.
List Hygiene Protects Everything Else
Your list quality determines your ceiling.
Remove contacts who haven’t engaged in six months. They’re dragging down your metrics without providing value. Run validation before major campaigns to catch typos in domains, temporary addresses, and known spam traps. Hard bounces require immediate removal. Soft bounces warrant monitoring.
Purchased lists are the fastest path to disaster. They contain spam traps by design, addresses that exist specifically to catch bad senders. One bad purchase can tank a domain reputation built over years.
Double opt-in adds friction to signup but ensures valid, engaged subscribers. The friction is a feature when the alternative is a list polluted with bad addresses.
Recovery Takes Time
Even careful senders occasionally face deliverability problems.
Diagnosis starts with bounce reports, spam complaint sources, authentication failures in Postmaster Tools, and blocklist status checks. MX Toolbox can show if you’ve landed on a blocklist. The specific blocklist determines the removal process.
Immediate response means pausing sends to affected segments, fixing authentication issues, removing recently added problematic addresses, and reducing volume dramatically. Then rebuild by sending only to highly engaged subscribers, reducing frequency, and gradually increasing as metrics improve.
Recovery timelines vary from weeks to months depending on severity. A Hacker News commenter summarized the challenge: “getting good deliverability is hard and it doesn’t make sense to try it unless you are delivering email on behalf of a large amount of people.” For everyone else, the effort lies in maintaining what works rather than recovering from what broke.
Where This Leaves You
The email ecosystem has gotten stricter because it needed to. AI-generated spam forced inbox providers to upgrade their defenses. Legitimate senders caught in the crossfire have to adapt.
Authentication is table stakes. Domain reputation is the long game. Content quality is the ongoing work. And volume management is where most AI-enabled senders trip up.
The good news buried in the 2025 statistics is that senders who did adapt saw improvements by year’s end. High-volume senders with proper authentication experienced double-digit gains in inbox placement during Q4. The filters reward compliance.
For practical implementation, the related piece on AI for email marketing covers the content generation side. The question this piece raises is whether the infrastructure underneath can support what AI makes possible.
Most email deliverability problems don’t announce themselves. They show up as slowly declining open rates, campaigns that used to work and don’t anymore, and a growing gap between “sent” and “delivered.” Catching that drift early matters more than fixing it later.
