Recently, I ran into trouble with my email. My business email ends in my domain name, and a few weeks ago my emails stopped arriving in people’s inboxes, instead going right to spam. Even if that person had whitelisted my email address (or in the case of gmail, added me to their contacts list).

First, I investigated a few things

  • I logged into my server and looked for whether I was sending out spam. Nothing showed up there. I saw that I had been receiving LOTS of spam. I had over 20,000 messages. But I wasn’t sure if that was related to the problems I was having or if I’d just ended up on some spam recipient list from hell somehow.
  • I verified that my IP hadn’t been blacklisted, which is what most of the pages I found through Google told me to do.
  • Since I don’t use my email address for sending out bulk mail, all the other recommendations I found for keeping my emails out of everyone’s spam box didn’t really apply.

The “Backscatter” Clue Opens a Door

Fortunately for me, my husband used to work in a data center. So he’s seen all kinds of spam attacks. When I mentioned to him the extraordinary amount of spammy emails I’d been receiving, he said, “Oh, sounds like backscatter.”

Say what? I’d never heard of ‘backscatter.’ Apparently it’s possible for spammers to spoof your email, fooling mail servers into thinking you sent those emails about that giant wad of cash waiting for someone in Nigeria. And then when bounces—or responses—come back from those emails, they all come to your inbox in a flood. It can be hard to notice because there’s nothing coming from your outbox. The spammers are creating fake emails that pretend like they are from you or your domain.

How to Make Your Email Address Worthy Again

You need to make it harder for spammers to spoof you, and easier for mail servers to recognize your email for earnest communication it is. Here are a couple of simple things that fixed this for me.

I use cPanel on my server, so I logged in, went into the “Email Authentication” section and clicked on the two buttons that enabled Domain Keys Identified Mail (DKIM) and Sender Policy Framework (SPF). Here’s the cPanel documentation on it.

By enabling DKIM and SPF, you’re increasing ways for your email to be authenticated by mail servers that receive it, which is much harder for hackers to fake. This makes other mail servers trust the email your send more, so they’re more willing to pass it to an inbox. FYI, you’ll still get sent to the spam box if you’re actually spamming.

As you can see, DKIM and SPF are easy to implement once you know about them. Immediately after I enabled these two things, I was able to send emails from my domain’s email address and have them go straight to the inbox.

If the server your site lives on uses something besides cPanel, once you’re logged into the backend of the site, you can look in the section on “Email” for these tools. If you can’t access your server, contact your web developer or hosting provider about it. They should be able to help you set it up.