A client called me last month in a panic. They’d sent a proposal to a potential customer — a $40,000 project — and heard nothing for two weeks. When they finally followed up by phone, the customer said they never received it. The email was sitting in the spam folder.

This happens more than you think. If you’re running a small business and sending emails from your own domain (yourcompany.com.au), there’s a reasonable chance some of your messages are being filtered, delayed, or outright blocked by the recipient’s email system. And you won’t know, because email silently fails — there’s no bounce notification when your message goes to spam instead of the inbox.

Here’s what’s actually going on and what you can do about it.

Why Email Authentication Matters Now

In February 2024, Google and Yahoo jointly implemented new requirements for email senders. If your domain doesn’t have proper authentication records, messages sent to Gmail and Yahoo addresses are significantly more likely to be filtered.

The three authentication standards you need are:

SPF (Sender Policy Framework). This is a DNS record that tells receiving mail servers which servers are authorised to send email on behalf of your domain. If you send email through Microsoft 365, Google Workspace, or any other email provider, your SPF record needs to include that provider’s servers.

DKIM (DomainKeys Identified Mail). This adds a cryptographic signature to your outgoing emails that proves they weren’t tampered with in transit. Your email provider generates a key pair; the public key goes in your DNS records, and the private key signs each outgoing message.

DMARC (Domain-based Message Authentication, Reporting, and Conformance). This tells receiving servers what to do when SPF or DKIM checks fail — quarantine the message, reject it, or allow it through. DMARC also provides reporting, sending you data about authentication failures so you can identify problems.

If those three acronyms made your eyes glaze over, I get it. But here’s the practical reality: without all three properly configured, your emails to Gmail addresses (which represent roughly 30% of all email users) are increasingly likely to be filtered. Google’s sender guidelines are explicit about this.

How to Check Your Setup

You don’t need to be technical to check whether your authentication is configured. Several free tools do it for you:

MXToolbox — enter your domain and it’ll check SPF, DKIM, and DMARC records. It also flags common misconfigurations.

Mail-tester.com — send an email to the address shown on their site, and it scores your message on a 1-10 scale, flagging authentication issues, content problems, and blacklist status.

If you’re using Microsoft 365 or Google Workspace and your IT provider set things up correctly, SPF and DKIM should already be configured. DMARC is the one that’s most commonly missing because it requires a separate DNS record that isn’t set up automatically.

The Content Problem

Authentication is the technical foundation, but email content also affects deliverability. Spam filters evaluate the content of your messages, and certain patterns trigger filtering:

All-caps subject lines. “URGENT: PLEASE REVIEW THIS PROPOSAL” reads like spam to both humans and filters.

Excessive formatting. Heavy HTML formatting, multiple font colours, and embedded images increase spam scores. Plain text emails or simple HTML templates perform better in deliverability.

Trigger phrases. “Act now,” “limited time offer,” “guaranteed results” — the phrases that marketing emails use are the phrases that spam filters watch for. If your legitimate business emails read like marketing blasts, they’ll be treated like marketing blasts.

Large attachments. Emails with attachments over 10MB are frequently delayed or blocked. Use a file-sharing link (Google Drive, Dropbox, OneDrive) instead of attaching large files directly.

Sending patterns. If you send 5 emails a week for months and then suddenly blast 500, spam filters notice. Sudden volume spikes from a domain that normally has low sending volume trigger protective filtering.

The Shared Hosting Problem

This one catches a lot of small businesses. If your website and email are hosted on a shared hosting platform (GoDaddy, HostGator, Crazy Domains, etc.), your email reputation is partly determined by the other websites sharing your server’s IP address.

If another customer on the same server sends spam — or even just sends a large volume of poorly-configured email — the server’s IP address can end up on email blacklists. Your perfectly legitimate emails then get filtered because they’re coming from a blacklisted IP.

You can check whether your sending IP is blacklisted using MXToolbox’s blacklist checker. If it is, you have three options:

1. Contact your hosting provider and ask them to resolve the blacklisting
2. Move your email to a dedicated email service (Microsoft 365 or Google Workspace) that uses its own sending infrastructure separate from your web hosting
3. Use a transactional email service like Postmark or SendGrid for critical business emails

Option 2 is what I recommend for any business that depends on email. Separating your email infrastructure from your web hosting eliminates the shared-reputation problem entirely and costs $7-15 per user per month.

Practical Steps for Small Businesses

Here’s a straightforward checklist:

1. Move to a dedicated email platform. Microsoft 365 Business Basic ($9/user/month) or Google Workspace ($10.80/user/month) provide professional email with authentication pre-configured and dedicated sending infrastructure. This single step solves most deliverability problems.

2. Set up DMARC. Even if SPF and DKIM are configured, add a DMARC record. Start with a “none” policy (monitor only) to see what’s happening, then move to “quarantine” or “reject” once you’re confident legitimate mail is passing authentication.

3. Don’t send marketing emails from your main business domain. If you run email campaigns (newsletters, promotions), use a subdomain (marketing.yourcompany.com.au) so that any reputation issues from bulk sending don’t affect your transactional emails (invoices, proposals, day-to-day communication).

4. Test regularly. Send a test email to mail-tester.com once a month. If your score drops, investigate before you miss a critical message.

5. Have a backup communication channel. For critical business communications — contracts, proposals, time-sensitive requests — follow up with a phone call or text to confirm receipt. Email isn’t as reliable as most people assume.

The Bigger Picture

Email deliverability isn’t glamorous. It’s not the kind of problem that gets discussed at business networking events or featured in entrepreneurial podcasts. But for a small business that relies on email for sales, invoicing, and customer communication — which is basically every small business — a deliverability problem is a revenue problem.

The fixes aren’t expensive or technically complex. They just need to be done deliberately rather than assumed. Most small businesses set up email once, during initial setup, and never think about it again. Given how much of your business depends on email actually arriving, that’s a risk worth addressing.

Check your setup. Fix what’s broken. Then get back to running your business with confidence that your messages are actually being seen.