NetQuery Tools: DNS, email, and network investigation platform

Emails Going to Spam? Start Here.

Mail flow is degrading: inbox placement drops, deferrals rise, or messages fail policy checks. These are infrastructure symptoms, not content guesses.

Run the checks in order and fix the first failing control before moving on.

Start Here, In Order

This sequence catches the highest-impact email deliverability failures before you spend time on lower-leverage tweaks.

SPF Record Checker

Confirms which hosts are authorized for your envelope sender domain (MAIL FROM/HELO).

Run SPF Check

DKIM Record Checker

Verifies selectors and keys so mailbox providers can validate signatures.

Run DKIM Check

DMARC Record Lookup

Checks DMARC policy and whether SPF or DKIM can align with your From domain.

Run DMARC Check

Reverse DNS (PTR) Lookup

Verifies your sending IP resolves to a hostname with sane reverse DNS.

Run PTR Lookup

Blacklist IP Check

Checks common DNSBL and reputation feeds for active sender blocklisting.

Run Blacklist Check

SMTP Capability Probe

Validates TLS posture and SMTP behavior to catch basic server issues quickly.

Run SMTP Probe

Common Deliverability Failure Scenarios

Match your current failure pattern and run the checks in the same order.

Provider Requirement Matrix (Official Sources)

This section only lists documented sender requirements from Google, Microsoft, and Yahoo.

Gmail

Required controls

  • Authenticate sending mail with SPF or DKIM.
  • Publish DMARC on the sending domain (minimum p=none).
  • Align the visible From domain with SPF or DKIM.
  • Use TLS for SMTP transport.
  • For marketing/promotional messages, support one-click unsubscribe and process requests within 2 days.
  • Keep reported spam rate below 0.3% in Google Postmaster Tools.

Sources

Yahoo

Required controls

  • Authenticate sending mail with SPF, DKIM, and DMARC.
  • Support one-click unsubscribe for commercial/promotional mail.
  • Follow sender best practices for complaint management and list hygiene.

Sources

What Pass Looks Like

Use this as your acceptance checklist before calling a deliverability incident resolved.

  • SPF: one valid SPF TXT record and active senders authorized for your envelope domain.
  • DKIM: every production sender signs and verifies with a valid selector and key.
  • DMARC: one _dmarc TXT record with pass and alignment for SPF or DKIM.
  • PTR: each sending IP has reverse DNS and forward-confirmed hostname where possible.
  • SMTP posture: TLS, sensible banner/hostname behavior, and no obvious protocol errors.
  • Reputation: no critical DNSBL listings and no unresolved abuse spikes.

Deep Cuts After the Basics

These checks usually do not fix spam placement alone, but they reduce trust friction and prevent avoidable outages.

MTA-STS Policy Validator

Validate SMTP transport policy and policy-mode correctness.

Validate MTA-STS

TLS Certificate and Cipher Analysis

Review certificate chain and TLS posture on mail-related hosts.

Analyze TLS Posture

BIMI Record Verification

Verify BIMI prerequisites and record format once authentication is healthy.

Verify BIMI

Frequently Asked Questions

Do one-click unsubscribe requirements apply to transactional email?
No. Google and Yahoo say one-click unsubscribe is required for promotional or marketing messages. Transactional mail, such as password resets and order confirmations, is excluded.
Is an unsubscribe link in the message body enough, or do I need List-Unsubscribe headers too?
You need List-Unsubscribe headers for one-click unsubscribe compliance. Google states that body links, mailto links, or URL-only links alone do not meet its one-click requirement. Yahoo also requires the List-Unsubscribe header for this requirement, though you can still include a body link.
What spam complaint rate should I target, and how often is it evaluated?
Google calculates spam rate daily and recommends staying below 0.1% and avoiding 0.3% or higher. Google also states bulk senders are eligible for mitigation only after spam rate remains below 0.3% for 7 consecutive days. Yahoo does not publish a fixed numeric threshold and states it continuously evaluates complaints and may defer high-complaint domains.
What exactly is Gmail’s DMARC alignment requirement for bulk senders?
For direct mail to personal Gmail accounts, the organizational domain in the RFC5322.From header must align with either the SPF organizational domain or the DKIM organizational domain. Google requires bulk senders to set up both SPF and DKIM, but alignment with one is sufficient for this requirement.
Do forwarded or mailing-list messages need the same DMARC alignment, and when are ARC headers required?
Google says DMARC alignment is not required for forwarded or mailing-list (indirect) messages, but these message types are required to include ARC headers.
What are Outlook’s current requirements for high-volume senders (>5,000/day)?
Microsoft states that domains sending more than 5,000 emails per day to Outlook consumer domains must have SPF pass, DKIM pass, and DMARC at least p=none aligned with SPF or DKIM. Microsoft also states non-compliant traffic can be rejected with code 550 5.7.515, effective May 5, 2025.
What does Yahoo currently require from bulk senders for authentication, unsubscribe, and complaints?
Yahoo states enforcement for bulk-sender requirements began in February 2024, with one-click unsubscribe enforcement starting in June 2024. Yahoo FAQs state one-click unsubscribe applies to promotional or marketing messages and not transactional mail. Yahoo also states that mail may be deferred for high complaint rates and non-compliant mail may be sent to spam or rejected. Yahoo error guidance states bulk senders must authenticate with SPF and DKIM and have a DMARC policy in place.
Can multiple SPF records break deliverability, even if each record looks valid?
Yes. RFC 7208 says multiple SPF records are not permitted for the same owner name, and if SPF evaluation selects more than one SPF record, the result is permerror.
Can SPF fail because of DNS lookup limits, even when the SPF syntax is valid?
Yes. RFC 7208 requires SPF evaluators to limit DNS-querying terms to 10 during SPF evaluation. If the limit is exceeded, the result must be permerror.

Learn more: Google Email Sender Guidelines FAQ, Yahoo Sender FAQs, RFC 8058 One-Click Unsubscribe, Google Email Sender Guidelines, Microsoft Outlook High-Volume Sender Requirements, Yahoo SMTP Error Codes, RFC 7208 (SPF)