When business emails start landing in spam or never reach the inbox, the problem is usually not the message content alone. In most cases, deliverability depends on whether receiving mail servers can verify that the message is legitimate. For hosting customers using a control panel such as Plesk, the most effective way to improve delivery is to configure SPF, DKIM and DMARC correctly, keep DNS records consistent, and follow a few practical sending rules.
If you manage email for a company, agency, or hosted website, these settings help mailbox providers trust your domain. They also reduce the risk of spoofing, improve alignment between your domain and your mail source, and make it easier to diagnose delivery problems across Europe and beyond.
Why business email deliverability drops
Email providers use many signals to decide whether a message should go to the inbox, promotions, spam, or be rejected. Authentication is one of the strongest signals. If a recipient server cannot confirm that your domain is allowed to send the message, deliverability often suffers.
Common reasons include:
- Missing or incorrect SPF records
- DKIM not enabled, broken, or using the wrong selector
- DMARC not published or not aligned with SPF/DKIM
- Sending from multiple services without updating DNS
- Using a shared server IP with a weak reputation
- Suspicious content, broken links, or poor mailing practices
- Mailbox issues such as full inboxes, forwarding loops, or typos in recipients
In managed hosting environments, many of these issues can be fixed from the control panel, but the DNS layer must also be correct. A valid mailbox does not guarantee inbox placement unless authentication and reputation are in good shape.
What SPF, DKIM and DMARC do
SPF
SPF (Sender Policy Framework) tells receiving servers which mail servers are allowed to send email for your domain. It is published as a DNS TXT record. If the sending server is not listed, the message may fail SPF checks.
DKIM
DKIM (DomainKeys Identified Mail) adds a cryptographic signature to outgoing messages. The recipient uses a public key in DNS to verify that the email was not altered and that it really came from an authorized source.
DMARC
DMARC (Domain-based Message Authentication, Reporting and Conformance) builds on SPF and DKIM. It tells receiving servers what to do if authentication fails and gives you reporting visibility. DMARC also checks alignment, meaning the domain in the visible From address must match the domain that SPF or DKIM authenticated.
Together, these records improve trust, reduce spoofing, and help mailbox providers understand that your domain is properly managed.
Best practices to improve deliverability
1. Publish a correct SPF record
Start by checking every service that sends mail on behalf of your domain. This often includes your hosting platform, website contact forms, helpdesk systems, CRM tools, invoice platforms, and third-party newsletter services.
A good SPF record should:
- List only authorized senders
- Use one SPF record per domain
- Avoid unnecessary include statements
- Stay within the DNS lookup limit
- Be updated whenever a new service is added or removed
Example of a basic SPF record:
v=spf1 mx ip4:203.0.113.10 include:_spf.yourmailprovider.example -all
In a hosting environment, the mx mechanism is often useful if the domain sends mail from its mailbox server. If your contact forms send through the web server, make sure the actual sending IP is included as well. If you use multiple providers, document each one clearly to avoid conflicts.
2. Enable DKIM signing for every sending source
DKIM is one of the most reliable ways to improve trust because it proves the email was signed with your domain’s private key. In many control panels, including Plesk, DKIM can be enabled per domain and is often generated automatically.
Check the following:
- DKIM is enabled for the domain
- The correct selector is published in DNS
- The key length is strong enough for modern providers
- Outgoing mail is actually signed by the server
- Third-party services also support DKIM for your domain
If you send from multiple platforms, ideally each one should sign mail with DKIM using your domain or a subdomain you control. That makes alignment and troubleshooting easier.
3. Publish a DMARC policy
DMARC helps mailbox providers understand how to handle mail that fails SPF or DKIM checks. It also gives you reports so you can see who is sending mail using your domain.
Start with a monitoring policy, then move gradually to stricter enforcement.
Example DMARC record for monitoring:
v=DMARC1; p=none; rua=mailto:[email protected]; adkim=s; aspf=s
As you review reports and confirm that all legitimate sources are authenticated, you can move to:
- p=quarantine to send suspicious mail to spam
- p=reject to block unauthenticated mail
For a business domain, DMARC is especially useful because it protects the brand and shows providers that your mail setup is actively maintained.
4. Keep the From domain aligned with authentication
One common reason for DMARC failure is misalignment. For example, the user sees an email from [email protected], but the message is sent through a service using a different domain that does not align with SPF or DKIM.
To reduce problems:
- Use the same domain in the visible From address whenever possible
- Configure third-party mail tools to sign with your domain
- Check whether the service uses a return-path or envelope sender on a different domain
- Review alignment after every change to your email stack
If you use a hosted mail platform, this is one of the first things to verify when deliverability drops after a migration or DNS change.
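The alignment check described above, as an added example that is not part of the original article. It evaluates three constructed messages against the strict-alignment record from the monitoring example, then against the same policy with relaxed alignment, which is the default when adkim and aspf are omitted. The report address, the esp.example names and the two-label organizational-domain shortcut are assumptions made for the example.

```python
def org_domain(domain):
    """Simplified organizational domain: the last two labels.
    Assumption for this example; receivers use the Public Suffix List."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(from_domain, auth_domain, mode):
    """mode 's' = strict (exact match), 'r' = relaxed (same organizational domain)."""
    a, b = from_domain.lower(), auth_domain.lower()
    return a == b if mode == "s" else org_domain(a) == org_domain(b)


def parse_dmarc(record):
    """Turn 'v=DMARC1; p=none; adkim=s' into {'v': 'DMARC1', 'p': 'none', ...}."""
    pairs = (part.split("=", 1) for part in record.split(";") if "=" in part)
    return {k.strip().lower(): v.strip() for k, v in pairs}


def evaluate(record, header_from, spf_pass, mail_from, dkim_pass, dkim_d):
    """DMARC passes when SPF or DKIM both passes and aligns with the From domain."""
    tags = parse_dmarc(record)
    spf_ok = spf_pass and aligned(header_from, mail_from, tags.get("aspf", "r"))
    dkim_ok = dkim_pass and aligned(header_from, dkim_d, tags.get("adkim", "r"))
    return "pass" if (spf_ok or dkim_ok) else "fail"


# Constructed records: strict alignment with a placeholder report address,
# and the same policy with the default (relaxed) alignment modes.
STRICT = "v=DMARC1; p=none; rua=mailto:dmarc-reports@example.com; adkim=s; aspf=s"
RELAXED = "v=DMARC1; p=none; rua=mailto:dmarc-reports@example.com"

# Constructed messages, all with a visible From domain of example.com.
# Each tuple: (SPF result, envelope sender domain, DKIM result, DKIM d= domain)
VIA_ESP_DEFAULTS = (True, "bounce.esp.example", True, "esp.example")    # service signs as itself
VIA_SUBDOMAIN = (True, "bounce.esp.example", True, "mail.example.com")  # custom DKIM on a subdomain
VIA_OWN_SERVER = (True, "example.com", True, "example.com")


def results(record):
    """DMARC outcome for the three sample messages under one record."""
    return [evaluate(record, "example.com", *m)
            for m in (VIA_ESP_DEFAULTS, VIA_SUBDOMAIN, VIA_OWN_SERVER)]


if __name__ == "__main__":
    print("strict: ", results(STRICT))
    print("relaxed:", results(RELAXED))
```

The first message passes both SPF and DKIM yet fails DMARC under either mode, because neither authenticated domain belongs to example.com; the subdomain-signed message only passes once alignment is relaxed.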
5. Make sure only one SPF record exists
Multiple SPF records for the same domain can cause permanent failure because receiving servers expect a single record. This is a very common issue after a migration or after adding a new mail service.
Instead of creating separate SPF records, combine authorized senders into one record. For example:
v=spf1 mx include:_spf.example-mail.com include:_spf.newsletter.example -all
Also avoid overly complex records. A long chain of include statements can exceed the DNS lookup limit and break validation.
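A lint for the two SPF failure modes covered in sections 1 and 5 (more than one record, and too many DNS lookups), as an added example that is not part of the original article. It works on constructed zone data instead of live DNS; the migrated.example and sprawl.example domains are hypothetical, and the limit of 10 DNS-querying terms comes from RFC 7208.

```python
import re

LOOKUP_LIMIT = 10  # RFC 7208: max DNS-querying terms per SPF evaluation
QUERYING = {"include", "a", "mx", "ptr", "exists", "redirect"}

# Constructed zone data (domain -> TXT records); nothing is resolved over the network.
ZONE = {
    "example.com": ["v=spf1 mx ip4:203.0.113.10 include:_spf.yourmailprovider.example -all"],
    "_spf.yourmailprovider.example": ["v=spf1 ip4:198.51.100.0/24 -all"],
    # Migration leftover: a second record was added instead of merging.
    "migrated.example": ["v=spf1 mx -all", "v=spf1 include:_spf.newsletter.example -all"],
    # Six includes that each cost two more lookups.
    "sprawl.example": ["v=spf1 " + " ".join(f"include:s{i}.sprawl.example" for i in range(6)) + " -all"],
    **{f"s{i}.sprawl.example": ["v=spf1 a mx -all"] for i in range(6)},
}

def spf_records(zone, domain):
    return [t for t in zone.get(domain, []) if t.lower().split()[:1] == ["v=spf1"]]

def parse_term(term):
    """Split 'include:host', 'a/24' or 'redirect=host' into (name, argument)."""
    body = term.lstrip("+-~?")
    name = re.split(r"[:=/]", body, maxsplit=1)[0]
    arg = body[len(name) + 1:] if body[len(name):len(name) + 1] in (":", "=") else ""
    return name.lower(), arg

def count_lookups(zone, domain, problems, seen=()):
    """Count DNS-querying terms for domain, following include and redirect."""
    if domain in seen:
        problems.append(f"{domain}: include loop")
        return 0
    records = spf_records(zone, domain)
    if len(records) != 1:
        problems.append(f"{domain}: {len(records)} SPF records, expected exactly 1")
        return 0
    total = 0
    for term in records[0].split()[1:]:
        name, arg = parse_term(term)
        total += 1 if name in QUERYING else 0
        if name in ("include", "redirect"):
            total += count_lookups(zone, arg, problems, seen + (domain,))
    return total

def lint_spf(zone, domain):
    problems = []
    total = count_lookups(zone, domain, problems)
    if total > LOOKUP_LIMIT:
        problems.append(f"{domain}: {total} DNS lookups, limit is {LOOKUP_LIMIT}")
    return problems
```

The sprawl.example record looks short at the top level, but the lookups inside each included record count toward the same limit, which is why the check follows includes before comparing against 10.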
6. Test your DNS after every change
DNS changes are easy to make and just as easy to get wrong. After publishing SPF, DKIM, or DMARC records, test them from the command line, from the control panel, or with a trusted email-check tool.
Verify:
- The record exists in public DNS
- The syntax is valid
- The SPF evaluation includes the correct sending IPs
- DKIM public keys match the private key used for signing
- DMARC reports are arriving at the expected mailbox
If you manage multiple domains in one hosting account, keep a checklist so each domain has the same baseline authentication before production mail is enabled.
7. Warm up new sending domains and IPs
New domains and new IP addresses usually have no reputation. Mailbox providers may treat them cautiously until they see steady, legitimate sending patterns.
To build trust:
- Start with low-volume sending
- Send first to engaged contacts
- Increase volume gradually over days or weeks
- Keep complaint rates low
- Avoid sudden spikes
This matters when you migrate to a new hosting platform or move from shared email to a dedicated mail server. Even with perfect SPF, DKIM, and DMARC, a poor sending pattern can still hurt inbox placement.
8. Use a consistent sender identity
Mailbox providers prefer recognizable sending patterns. A business that frequently changes From names, reply-to addresses, or sending domains can look suspicious.
Keep the following consistent where possible:
- From name
- From address
- Reply-to address
- Sending domain
- Mailing frequency
If you operate customer support, billing, and marketing mail from different systems, separate them clearly but keep each one properly authenticated.
9. Check server reputation and mailbox hygiene
Even with correct authentication, a poor IP or domain reputation can reduce delivery. Shared hosting environments may be affected if other senders on the same infrastructure send abusive mail. In managed hosting, the provider should monitor outbound mail reputation and act quickly on abuse reports.
Improve hygiene by:
- Removing invalid or inactive recipients
- Controlling bounce rates
- Avoiding spam traps
- Stopping compromised accounts quickly
- Limiting unnecessary automated emails
For transactional email, make sure your website or app sends only essential notifications and that any bulk senders are separated from regular business mail.
How to check deliverability problems in a hosting control panel
If you are using a control panel such as Plesk, start with the mail settings for the domain. Confirm that outgoing mail is routed through the intended server and that authentication is enabled. Then review DNS zones to ensure the published records match the active configuration.
Practical checklist in Plesk or similar panels
- Confirm the domain has a mailbox and mail service enabled
- Check whether DKIM signing is enabled
- Verify the SPF TXT record in the DNS zone
- Make sure DMARC exists and points reports to a valid mailbox
- Inspect the outgoing server name and IP address
- Review mail logs for rejects, deferrals, or authentication errors
If the domain was recently migrated, pay extra attention to old DNS records. Stale SPF includes, duplicate MX entries, or expired DKIM keys can create subtle failures that are hard to spot at first glance.
Common mistakes that hurt inbox placement
- Adding a second SPF record instead of merging values
- Forgetting to update SPF after changing email services
- Enabling DKIM in the panel but not publishing the DNS record
- Using a strict DMARC policy before all senders are aligned
- Sending newsletters from the same domain as critical transactional mail without proper separation
- Ignoring bounce messages and complaint feedback
- Using generic addresses like no-reply for all communication
- Embedding broken links or overly promotional wording that triggers filtering
Many of these issues appear after site changes, mailbox migrations, or the introduction of a new SaaS tool. A short review after each change can prevent weeks of delivery problems.
Recommended rollout plan for new domains
If you are setting up a new business domain on a hosting platform, follow this order:
1. Set up MX records for mail delivery
2. Publish a correct SPF record
3. Enable DKIM signing and publish the public key in DNS
4. Add a DMARC record in monitoring mode
5. Test email delivery to major providers
6. Review DMARC reports for unauthorized senders
7. Tighten the DMARC policy gradually if everything is aligned
This approach gives you visibility first, then enforcement. It is safer than switching directly to a strict policy without knowing whether all legitimate mail sources are configured correctly.
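The report review that gates the move from monitoring to enforcement, as an added example that is not part of the original article. It reads a constructed DMARC aggregate report in the RFC 7489 layout and separates failing sources into known senders that still need fixing and unknown senders; the IP addresses and the KNOWN_SENDERS inventory are hypothetical.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed aggregate report in the RFC 7489 layout, trimmed to the fields used here.
# Assumption: no XML namespace on <feedback>. Reports come from third parties, so
# production code should parse them with a hardened parser such as defusedxml.
SAMPLE_REPORT = """<feedback>
  <policy_published><domain>example.com</domain><p>none</p></policy_published>
  <record>
    <row><source_ip>203.0.113.10</source_ip><count>120</count>
      <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row>
    <identifiers><header_from>example.com</header_from></identifiers>
  </record>
  <record>
    <row><source_ip>198.51.100.25</source_ip><count>40</count>
      <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>example.com</header_from></identifiers>
  </record>
  <record>
    <row><source_ip>192.0.2.77</source_ip><count>7</count>
      <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>example.com</header_from></identifiers>
  </record>
</feedback>"""

# Hypothetical inventory of IPs you expect to send for the domain.
KNOWN_SENDERS = {"203.0.113.10": "hosting mail server", "198.51.100.25": "newsletter service"}


def failing_sources(report_xml):
    """Map source IP -> message count for rows where neither aligned check passed."""
    failing = Counter()
    for row in ET.fromstring(report_xml).iter("row"):
        evaluated = row.find("policy_evaluated")
        if evaluated.findtext("dkim") != "pass" and evaluated.findtext("spf") != "pass":
            failing[row.findtext("source_ip")] += int(row.findtext("count"))
    return dict(failing)


def triage(report_xml, known=KNOWN_SENDERS):
    """Split failing sources into legitimate senders to fix and unknown senders."""
    fix_first, unknown = {}, {}
    for ip, count in failing_sources(report_xml).items():
        (fix_first if ip in known else unknown)[ip] = count
    return fix_first, unknown


def safe_to_tighten(report_xml, known=KNOWN_SENDERS):
    """True only when no known sender would be hit by quarantine or reject."""
    return not triage(report_xml, known)[0]
```

With the sample report the newsletter service still fails both aligned checks, so the policy stays at p=none until that sender is fixed; the unknown source is the traffic a stricter policy is meant to stop.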
When to contact your hosting provider
Reach out to your hosting provider or managed hosting support team if:
- You cannot publish or edit DNS records correctly
- DKIM does not appear to sign outgoing mail
- Email is being rejected after a migration
- Mail is sent from an IP with a poor reputation
- You need help reading logs or DMARC reports
- Outgoing mail is blocked by server policy or abuse controls
A good support team can help verify DNS, review mail logs, and confirm whether the server is configured for authenticated delivery. In a managed hosting environment, that support often saves time compared with troubleshooting each record manually.
FAQ
Do SPF, DKIM and DMARC guarantee inbox placement?
No. They strongly improve trust and reduce authentication failures, but mailbox providers also look at reputation, content, engagement, sending volume, and complaint rates.
Should I use SPF, DKIM and DMARC together?
Yes. They work best as a set. SPF verifies sending sources, DKIM signs the message, and DMARC connects both checks to your visible domain and policy.
What DMARC policy should I start with?
Start with p=none so you can collect reports without affecting delivery. Once you confirm that all legitimate mail passes alignment, move to quarantine or reject.
Why do forwarded emails sometimes fail authentication?
Email forwarding can break SPF because the message is re-sent from a different server. DKIM often survives forwarding better, which is one reason it is important to have both SPF and DKIM in place.
How often should I review DNS records?
Review them whenever you add a new sending service, migrate hosting, change mail providers, or notice delivery issues. For active business domains, periodic checks are a good habit.
Can I improve deliverability without changing my hosting platform?
Yes. In many cases, the biggest gains come from fixing DNS authentication, improving sending practices, and cleaning up mail flows. A platform change is not always necessary.
Conclusion
Improving business email deliverability starts with making your domain trustworthy to receiving servers. In practice, that means publishing accurate SPF, enabling DKIM, adding DMARC, and keeping all sending sources aligned. For hosting customers, the fastest results usually come from checking the control panel, reviewing DNS records, and confirming that every mailbox, website form, and third-party service sends mail through an authorized path.
Once authentication is correct, continue with reputation management: send consistently, avoid unnecessary bulk, monitor bounce rates, and review DMARC reports. This combination gives your business mail a much better chance of reaching the inbox across European mail providers and beyond.