Communication is an important part of running a small business, and one of the most important channels for communicating with customers is email. Love it or hate it, sending and receiving emails is key to finding and retaining clientele. One of the biggest issues with this is email deliverability. Nothing is worse than realising you let a big opportunity slip through your fingers because it landed in the junk box!

Email deliverability is complex, and there’s, unfortunately, no “magic button”. We’ll take you through the primary points of failure along this channel, giving you the essential need-to-knows as a small business owner to troubleshoot any issues.

What impacts on email deliverability?

Whether or not an email ends up in a spam box is based on a combination of factors. The first of these factors, and the one that might immediately occur to you, is the content: are you sending things with weird subject lines, using fake “RE and FW” tags, etc. However, there are also technology-related factors that go into the equation which may seem more nebulous. These are things that your technology Managed Service Provider (MSP) can help with.

These include:
Domain trust: is the address you are using new or has it been used to send spammy messages in the past?
IP trust: is the service you are sending from using an address that’s used by other people for nefarious purposes?
Email server settings: there are configurations you can make that grease the pipes, both inbound and outbound.

The good news is this last one is within your control so we’re going to take you through the important parts of what these configurations are, and how to get them done.

What do I ask my MSP to do, to increase my chances of successfully SENDING and RECEIVING my customer’s communications?…


How do I make sure my emails get received?

  1. Use a trusted email service with good base settings.
  2. Change your domain name records to add further settings information.
  3. Warm up new domains.

There are several things you can do here to set yourself up for success. The most important of these are the BIG 3, – SPF, DKIM and DMARC, which are configuration settings between your email provider and your domain registrar.

SPF – Sender Policy Framework is an email authentication technique that stops people from spoofing emails sent from your domain. If you have a custom domain authenticated with an email service provider like Microsoft Outlook, this would have been a part of the set-up process. If you have a custom domain with a non-standard email server i.e. a self-hosted one, you might not (but it would be very unusual).

WHATAddress record on your domain that tells it what email clients are allowed to use
WHEREIn most cases, where you bought your domain from, i.e. GoDaddy or NameCheap.

is similar to SPF but you add a digital signature record for your domain and configure your email client to be able to send using the digital signature. This is then verified by the recipient’s email server:

The signature on this email matches the one I expect by looking up the domain.

WHATDigital (cryptographic) signature attached to all your emails to authenticate.
WHEREThis will be generated in the settings for your email provider, like Google Workspace Admin, and then put into the domain settings.

is the next step above, and in most cases for small businesses won’t be necessary, but it extends DKIM to give you control and insight into what your domain is being spoofed for. If you are offering services such as financial services, or something where you want to be alerted if your domain is being used to phish your clients this might be for you. Essentially you can set up DMARC along with a DMARC monitoring service to instruct other email clients what to do with emails that are spoofing your domain (eg. quarantine it to the inbox or nuke it) and also send you a report about any of these types of emails. This can be useful if you want to get on the front foot and send out a “don’t send us your bank details, this wasn’t us!” type of email.

WHATA policy that tells other inboxes receiving emails from your domain what to do with it if the authentication records (SPF and DKIM) are ‘iffy’ – also where to send the reports of this activity.
WHEREDMARC policies are usually generated with the help of an additional tool, such as Postmark, which makes the reports readable. The policy record is then entered into domain records on your domain registrar, like both SPK and DKIM.

To set up either DKIM or DMARC, you can look through the documentation for your specific email service, or you can ask your MSP to do it for you. They will need admin access to your email service, and access to your domain registrar (i.e. NameCheap, GoDaddy, or whoever you registered with).

The final tip for optimising your deliverability is something that comes into play if you have a brand new domain. One thing that can affect email trust is the domain age. If you have a new domain the big email clients don’t have enough data about it and can sometimes just mistrust it by default. One way around this is to warm your domain, using a service like Mailwarm. This sends and replies to a bunch of emails from your inbox, mimicking organic activity, to build trust. One caveat with this is that you will want to set a receiving rule that includes the keyword in Mailwarm subject lines to send all of these to a specific folder, otherwise, your inbox fills up with a scary amount of stuff pretty quickly.

How can I make sure I’m receiving all my client’s emails?

  1. Use an organisation-wide whitelist.
  2. Familiarise yourself with email client rules.
  3. Get help from a Managed Service Provider.

Now that you’ve got your domain all set up and you’re sliding into your customer’s inboxes, you, unfortunately, can’t make all the same configuration changes on their side (short of referring them to your MSP). It’s very common to have even existing customers, warm leads, requesting more work from you, end up in the junk box, and have them thinking you’re ignoring them.

The first thing you can do is if you notice that there is a customer that specifically is ending up in the junk box a lot, and especially if lots of people from that organisation are, you whitelist them at a server or organisation level.

If for example, you use Office 365 and all your staff use outlook, you can configure a safe sender list in Exchange Online Protection, or ask your MSP to add one.

For every email sent from, send it straight to the inbox, regardless of what comes before the @.

The second thing you can do, or that each staff member can do, is set up rules, and it’s a good idea to make sure that each staff member is familiar with how to use inbox rules. If someone notices that a client has ended up in their specific junk box, they can set a rule to have that individual sent straight to their inbox. This is an immediately doable thing if you notice someone, in particular, is getting spam boxed, or if just a specific type of email from them is getting spam boxed because you can set the rule based on things other than the “sent from” address. For example, you can set a rule based on “if the subject line includes”. This varies by email client so look up the instructions for your specific client:


This is also something you can ask your MSP to help with, in your staff account onboarding. When you ask your MSP to onboard a new user into your office365 or Google Account, are they sending information about processes related to whitelisting, and pointing new users to essential information like how to use rules? Technology is an essential part of running a small business these days and there are lots of things you need to just work. If you’d like to talk to us about our MSP services, send us a quick note here.