Here's a number that should bother every small business owner sending marketing emails: one in six emails never reaches the inbox. They don't bounce. They don't get returned. They just quietly disappear into spam folders and promotions tabs where nobody will ever see them.
Gmail, the world's largest email provider, has an inbox placement rate between 73% and 78%. That means even under the best conditions, roughly one in four emails sent to Gmail addresses doesn't make it to the primary inbox. Across all providers globally, the average inbox placement sits around 84%. Better, but still not great — especially when you're a small business and every customer relationship matters.
If you've been sending emails and wondering why nobody seems to respond — this might be the reason. Your content could be perfect. Your offers could be irresistible. But none of that matters if your emails are landing in spam before a single customer gets the chance to read them. The good news: most of what determines deliverability is technical infrastructure that your email platform should handle for you. This article explains what's happening behind the scenes — and why choosing the right platform matters more than any individual fix you could make yourself.
Why Your Emails Go to Spam
There are four things that consistently kill email deliverability for small businesses. Understanding them is the first step to fixing them.
Poor authentication is the number one killer. Since February 2024, Google and Yahoo have required all email senders to properly authenticate their messages using SPF, DKIM, and DMARC. Before that, these were best practices. Now they're mandatory. If your emails aren't authenticated, major email providers will either route them straight to spam or reject them entirely. This single issue accounts for more deliverability problems than everything else combined, and most small business owners don't even know it exists.
High bounce rates damage your reputation fast. A bounce happens when you send an email to an address that doesn't exist or can't receive mail. If your bounce rate climbs above 2%, email providers start treating your domain as untrustworthy. It makes sense from their perspective — legitimate senders maintain clean lists. Senders with lots of bad addresses look like they scraped contacts from somewhere shady. Every bounced email is a small mark against your domain's reputation, and those marks add up quickly.
Spam complaints are the most damaging signal. When a recipient clicks "Report Spam" on your email, that's a direct signal to the email provider that your messages are unwanted. The threshold is shockingly low — anything above 0.1% complaint rate starts triggering problems, and top-performing senders maintain rates around 0.02%. To put that in perspective, if you send to 1,000 people and just two of them hit the spam button, you're already at the danger threshold. Google's hard ceiling is 0.3%, and exceeding that consistently will bury your domain.
Purchased lists are poison for your domain. Buying an email list is the fastest way to destroy your deliverability. Those lists are full of invalid addresses that bounce, spam traps set up specifically to catch senders who don't use permission-based lists, and people who never asked to hear from you and will immediately hit the spam button. One blast to a purchased list can damage your domain reputation so severely that it takes months to recover — if you can recover at all. There's no shortcut here. Every address on your list needs to belong to someone who actually opted in.
SPF, DKIM, and DMARC: The Plain English Version
These three acronyms sound intimidating, but the concepts behind them are surprisingly simple. Think of them as three layers of trust that prove to email providers like Gmail that your emails are really from you.
SPF — The Guest List
Sender Policy Framework is essentially a guest list for your domain. It's a DNS record that says "these specific servers are allowed to send email on behalf of my domain." When Gmail receives an email claiming to be from your business, it checks your SPF record to see if the sending server is on the list. If it's not, the email gets flagged. Think of it like a bouncer at a private event — if your name's not on the list, you're not getting in. Without SPF, anyone could send emails pretending to be your business, and email providers have no way to tell the difference.
DKIM — The Wax Seal
DomainKeys Identified Mail works like a wax seal on an old-fashioned letter. When your email server sends a message, it stamps it with a cryptographic signature that's unique to your domain. The receiving server then checks this signature against a public key published in your DNS. If the signature matches, the email is authentic and hasn't been tampered with in transit. If someone intercepted or modified the message along the way, the seal would be broken. DKIM doesn't stop someone from sending email as you — that's SPF's job — but it proves that the emails you did send arrived exactly as you wrote them.
DMARC — The Policy
Domain-based Message Authentication, Reporting, and Conformance ties SPF and DKIM together with a policy. It tells email providers what to do when an email fails authentication checks. You have three options: do nothing and just report it, quarantine it (send to spam), or reject it outright. DMARC also sends you reports about who's trying to send email using your domain, which is how you catch spoofing attempts. Think of it as the instruction card you leave for a house sitter — "if someone shows up and they're not on the list and they don't have a key, here's what I want you to do."
All three of these became effectively mandatory in February 2024 when Google and Yahoo announced new sender requirements. As of April 2024, Google began actively rejecting email traffic that didn't comply. If you haven't set these up, you're not playing by the rules that every major email provider now enforces — and your inbox placement is suffering because of it.
Google and Yahoo's 2024 Rules Changed Everything
In October 2023, Google and Yahoo jointly announced new requirements for email senders that went into effect in February 2024. These weren't suggestions or best practices. They were hard requirements, and they fundamentally changed the email deliverability landscape for every business.
For all senders, the minimum requirement is now SPF or DKIM authentication on every message. That's the baseline just to get your foot in the door. If you send more than 5,000 emails per day to Google addresses — which qualifies you as a bulk sender — the requirements get stricter. Bulk senders need SPF and DKIM authentication plus a published DMARC policy. They also need to support one-click unsubscribe in every marketing email, and they need to keep their spam complaint rate below 0.3%.
The one-click unsubscribe requirement deserves special attention. Every marketing email you send must include a way for recipients to unsubscribe with a single click — no login required, no multi-step process, no "enter your email to confirm" nonsense. If you make it hard for people to unsubscribe, they'll hit the spam button instead, and that's far more damaging to your deliverability than losing a subscriber.
This is not optional. Google started rejecting non-compliant traffic in April 2024 and has been ramping up enforcement since. If you haven't adapted to these rules, you're likely already seeing the effects in your deliverability numbers — you just might not have connected the dots yet.
List Hygiene: The Boring Thing That Matters Most
Email list hygiene is the unglamorous foundation of good deliverability. Nobody wants to talk about it because it means making your subscriber count go down, and that feels like going backward. But a clean list of 500 engaged subscribers will outperform a dirty list of 5,000 every single time.
The hard rule is keeping your bounce rate below 2%. Every time you send a campaign, any address that hard bounces — meaning the address doesn't exist or the server permanently rejected your message — needs to be removed immediately. Not next week. Not when you get around to it. Immediately. Every subsequent send to a known-bad address compounds the damage to your sender reputation.
Beyond bounces, you need to regularly clean subscribers who've gone inactive. If someone hasn't engaged with a single email from you in six months or more, they're either not seeing your emails (because they're already in spam) or they've lost interest. Either way, continuing to send to them hurts you. Inactive subscribers signal to email providers that your content isn't wanted, which pushes more of your emails into spam. It's a downward spiral. Cherub automatically sunsets subscribers who haven't engaged in 180 days — removing them from future sends so they stop dragging down your deliverability. It's the kind of thing no business owner would remember to do manually, but it makes a real difference in whether your emails reach the people who actually want them.
Here's a number that puts this in perspective: roughly 22.5% of email addresses become invalid every year. People change jobs, switch providers, and abandon old accounts constantly. If you built your email list two years ago and haven't cleaned it since, nearly half those addresses could be dead weight — or worse, converted into spam traps by email providers looking to catch senders who don't maintain their lists.
This is another area where your email platform should be doing the heavy lifting. Cherub automatically removes hard bounces after every send, tracks spam complaints in real time, and requires double opt-in for every new email subscriber -- meaning every email address on your list was verified by the actual person who owns it. SMS subscribers opt in by texting JOIN to your number, which is direct consent by definition. You shouldn't need to manually scrub your list. If you're doing that, your platform is making you do its job.
Domain Warm-Up: What Small Businesses Actually Need to Know
Domain warm-up is the process of building a positive sending reputation with email providers when a new domain or sending infrastructure starts sending at volume. It's a real concern for large senders launching dedicated IP addresses — but for small businesses at typical list sizes, it's not something you need to manage yourself.
When you send through Cherub, your campaigns go out over our shared sending infrastructure, which already carries an established reputation with Gmail, Yahoo, and other providers. SPF, DKIM, and DMARC are configured automatically. Because small businesses grow their lists organically — a few signups from a QR code here, a handful from a word-of-mouth referral there — sending volume ramps naturally at the pace providers prefer. There's no manual warm-up schedule to manage.
The factors that actually determine whether your emails reach the inbox are the ones covered in this article: proper authentication, list hygiene, consistent cadence, and avoiding spam complaints. Those are what Cherub handles on your behalf — so you can focus on running your business instead of worrying about email infrastructure.
Monitoring: How to Know If You Have a Problem
You can't fix what you can't see. The most important free tool for monitoring your email deliverability is Google Postmaster Tools. It's free, it takes about ten minutes to set up, and it gives you direct visibility into how Google views your domain. You can see your domain reputation (rated from bad to high), your spam rate, your authentication pass rates, and whether your emails are being encrypted in transit.
The key benchmarks to track are straightforward. Your bounce rate should stay below 2% on every send. Your spam complaint rate should stay below 0.1%, with top performers sitting around 0.02%. Your authentication pass rate — meaning the percentage of your emails that successfully pass SPF, DKIM, and DMARC checks — should be above 95%. If any of these numbers slip, you need to investigate immediately rather than hoping the problem resolves itself.
Here's the honest truth, though: most small business owners shouldn't have to monitor any of this themselves. This is plumbing — essential, but not something you should be thinking about when you have a business to run. A good email platform monitors these metrics behind the scenes, flags problems before they become crises, and handles the technical remediation automatically. Cherub monitors your domain reputation, bounce rates, and complaint rates continuously. If something slips, we adjust before it becomes a deliverability crisis. You focus on your business; we make sure your emails actually arrive.
If you're managing email yourself or using a basic tool, Google Postmaster Tools is worth the ten-minute setup. But if you're using a platform that takes deliverability seriously — one that handles authentication, list hygiene, and reputation monitoring as part of the service — you shouldn't need to check these dashboards at all.
Frequently Asked Questions
Why are my emails going to spam even though I'm not a spammer?
Most legitimate businesses land in spam because of missing email authentication (SPF, DKIM, DMARC), not because of their content. Since February 2024, Google and Yahoo require proper authentication for all senders. Without it, your emails get filtered regardless of how good your content is. High bounce rates, spam complaints, and sending to purchased lists also trigger spam filters.
What are SPF, DKIM, and DMARC and do I really need them?
SPF tells email providers which servers are allowed to send on your behalf (like a guest list). DKIM adds a cryptographic signature proving the email hasn't been tampered with (like a wax seal). DMARC tells providers what to do with emails that fail those checks (quarantine, reject, or allow). Since February 2024, all three are effectively mandatory. Google began rejecting non-compliant email traffic in April 2024.
Do I need to worry about domain warm-up as a small business?
At small-business list sizes, warm-up happens organically as your subscriber base grows — there is no manual ramp schedule to manage. Cherub sends through established shared infrastructure with SPF, DKIM, and DMARC configured automatically, so your emails benefit from a trusted sending reputation from day one. Focus on authentication, list hygiene, and consistent sending cadence — those are the real inbox-placement drivers.
What is a good email bounce rate and spam complaint rate?
Keep your bounce rate below 2% and your spam complaint rate below 0.1%. Top-performing senders maintain complaint rates around 0.02%. Google's hard ceiling is 0.3% for spam complaints — exceed that consistently and you'll see serious deliverability damage. Remove hard bounces immediately after every send and sunset inactive subscribers who haven't engaged in 180 or more days.