Provider deliverability · Gmail (personal Gmail and Google Workspace inboxes)

Why does Gmail mark new domain emails as spam?

Samuel Chenard

By Samuel Chenard · CEO & Co-Founder, Palisade · Reviewed July 17, 2026

Gmail spam-folders mail from a new domain because the domain has no sending history, so authentication and behavior are the only signals Google can score. Missing SPF, DKIM, or DMARC, a cold start at full volume, and a bare domain with no web presence all read as spam. Authenticate everything first, then warm up gradually.

The 30-second check

A new domain gets no benefit of the doubt, so every signal you control has to be right before the first campaign. The free email security score below grades SPF, DKIM, DMARC, MX, and the supporting DNS in one pass: the same surface Gmail evaluates when it meets your domain for the first time.

Check your domain now

Enter your sending domain and the check runs instantly on the next page. Free, no signup.

Why Gmail is blocking your email

Likely causeWhat's happening
The domain has zero sending history with GmailGmail rates every sending domain on its track record. Postmaster Tools grades domain reputation from Bad to High, and Google defines the High tier by a "History of very low spam rates" plus compliance with the sender guidelines; a domain registered last month has no history at all, so it cannot start anywhere good. Worse, Postmaster Tools shows no data until your volume to personal Gmail accounts is high enough, so the early weeks give you no feedback either (per Google's Postmaster documentation, checked 2026-07-17).
SPF, DKIM, or DMARC is missing or misalignedSince February 2024 Gmail requires every sender to pass SPF or DKIM, and bulk senders to pass both plus DMARC. On an established domain, weak authentication costs points; on a new domain it decides everything, because authentication is the only identity signal Gmail has while there is no history. Registrar-default DNS, DKIM signing under the platform's domain instead of yours, and a missing DMARC record are the standard new-domain misses.
No warm-up: full volume from a cold startGoogle states directly that "Increasing your sending volume too quickly can result in delivery issues" and describes a common daily increase of 25% to 100% once sending starts. A new client domain that opens with a 5,000-recipient blast is running the exact pattern the filters were built to catch, and spam-foldering is Gmail going easy on you; the next step is deferral.
The domain looks parked or disposableGmail publishes no domain-age threshold and no parked-domain rule, so nobody can quote you a safe age. The pattern its filters must catch is real though: spammers register fresh domains, burn them in a burst, and move on. A domain that was a registrar parking page last week, with no website, no MX history, and thin DNS, starts with the same observable profile. Give it a real web presence and complete DNS before mail flows.
Early complaints on tiny volumeGoogle's spam-rate dashboard measures the share of delivered mail that recipients manually mark as spam. On a warm-up-sized send, three or four complaints can cross the never-exceed 0.30% line in an afternoon, and above it you lose mitigation eligibility until the rate holds under 0.30% for 7 consecutive days. Purchased cold-outreach lists concentrate complaints exactly when the domain can least afford them.
Infrastructure basics fail: PTR, TLS, MXGmail's baseline for all senders includes valid reverse DNS (the sending IP's PTR record must resolve to a hostname whose forward lookup returns the same IP) and TLS on the connection. Fresh infrastructure misses these constantly: a new VPS keeping the host's default PTR, or a domain with no MX because "it only sends". Each miss is another vote against a domain with no credit to draw on.
Six-step day-one setup for sending from a new domain to Gmail: publish SPF, DKIM, and DMARC, fix PTR, TLS, and MX, give the domain a real web presence, verify in Postmaster Tools, warm up on Google's published curve, then hold the spam rate and enforce DMARC.

How to fix it, step by step

  1. Run the email security score on the new domain

    Use the free checker above (or at /tools/email-security-score). It grades SPF, DKIM, DMARC, MX, and the supporting DNS in one pass and tells you what to fix before the first campaign instead of after the first spam-foldering.

  2. Publish SPF, DKIM, and DMARC before the first real send

    Add every sending platform to the SPF record, enable DKIM signing under your own domain at each platform, and publish a DMARC record (start at p=none with a rua= reporting address so aggregate reports flow). Verify each with /tools/spf, /tools/dkim, and /tools/dmarc, and confirm the passing domain aligns with the From address; Gmail's bulk-sender requirements demand that alignment.

  3. Fix PTR, TLS, and the domain's public face

    Set the sending IP's PTR to a hostname on your domain and make the forward lookup match, confirm the connection uses TLS, and publish real MX records. Then put an actual website on the domain: a parking page tells every reputation classifier the domain is disposable.

  4. Verify the domain in Postmaster Tools on day one

    Add and verify the domain at postmaster.google.com before any volume exists. Dashboards stay empty until you send enough mail to personal Gmail accounts, so the earlier you verify, the sooner compliance status, spam rate, and domain reputation start reporting Gmail's own verdict instead of a third-party guess.

  5. Warm up on Google's published curve

    Open with small sends to recipients who know the sender and will engage. Google's guidance: increase daily volume by 25% to 100% depending on results, and pace traffic at consistent volumes rather than bursts. If messages start deferring, Google says to stop for 15 minutes, send a single test, and resume more slowly.

  6. Hold the spam rate down, then enforce DMARC

    Keep the Postmaster spam rate under 0.10%, prune recipients who never engage, and read the DMARC aggregate reports as volume grows. Once every legitimate sender passes with alignment, move the policy from p=none to p=quarantine and then p=reject so the reputation you just built cannot be spent by a spoofer.

Related free tools: SPF checker · DKIM checker · DMARC checker · Domain reputation · DNS lookup

If you send in volume: Gmail's published rules

Gmail's sender requirements have been in force since February 1, 2024. Every sender to personal Gmail addresses needs passing SPF or DKIM, valid forward and reverse DNS (PTR) on the sending IP, TLS, and a spam rate that never reaches 0.30% (Google's stated target: "Keep spam rates reported in Postmaster Tools below 0.10%"). Send close to 5,000 messages or more to personal Gmail accounts within 24 hours and you are a bulk sender permanently; Google's FAQ says the status has no expiration date. Bulk senders must pass both SPF and DKIM, publish DMARC (p=none satisfies the requirement), align the From domain with the passing SPF or DKIM domain, and support one-click unsubscribe on marketing mail (per Google's sender guidelines and FAQ, checked 2026-07-17). A new client domain that will carry real volume should be built to the bulk bar from day one.

Check your standing with Gmail

Bounce codes you may be seeing

Blocks in this cluster surface as specific SMTP codes. Match yours below; the linked guides cover each code's verbatim provider messages and full fix.

The real root cause: unenforced authentication

A new domain's core problem is that Gmail knows nothing about it, and the only part of that you can fix on day one is identity. Warm-up takes weeks; correct authentication takes an afternoon. Publish SPF and DKIM for every service that sends as the domain, add DMARC at p=none, and watch the aggregate reports as volume ramps: they show which senders pass, which are misaligned, and whether anyone else is already borrowing the name. Then enforce. A domain that reaches p=reject builds reputation that belongs to it alone, because spoofers and forgotten test systems cannot send as the domain and spend the history you are accruing. Monitoring shows you the gap; enforcement closes it and keeps a young reputation yours.

Enforce it — don't just monitor it

Palisade's AI agent takes domains all the way to enforcement: hosted SPF, DKIM, DMARC, and MTA-STS records, DMARC reports monitored continuously, and policies advanced to p=reject automatically. Your first domain is free, and the full product is open for 15 days, no card.

Free 15-day trial · No credit card · Your own domain free forever (NFR)

Fixing this across every client domain

MSPs hit this problem on a schedule: every new client, rebrand, or acquisition ships a fresh domain that Gmail treats as a stranger. The day-one work (SPF per platform, DKIM per platform, DMARC, Postmaster verification, then a watched warm-up) is exactly the ticket type that never gets billed, multiplied by the fleet. Palisade does it once per fleet: it hosts and manages the SPF, DKIM, DMARC, and MTA-STS records for every client domain, flags unauthenticated senders from DMARC reports while the domain is still warming, and walks each domain to p=reject automatically. Tickets land in ConnectWise, HaloPSA, or Autotask through native PSA integrations, pricing is per domain ($9, dropping to $7 at 100+ and $5 at 1,000+), the first domain is free, and your own MSP domain runs as a free NFR domain to prove it on.

Frequently asked questions

Google publishes no timeline. Postmaster Tools only starts showing reputation data once your volume to personal Gmail accounts is high enough, so the first weeks run blind. In practice, consistent authenticated sending with a spam rate under 0.10% builds usable standing over several weeks of gradual volume increases, not days.

Authentication is the entry ticket, not the whole score. Gmail rates domains on history, and a new domain has none, so complaint rate and volume pattern decide placement. Confirm the passing SPF or DKIM domain aligns with your From address, keep the spam rate under 0.10%, and ramp volume gradually.

No. Google publishes no domain-age rule, and new domains that follow the sender guidelines deliver fine. What Gmail punishes is behavior that correlates with disposable domains: full volume with no history, missing authentication, no real web presence. Note that unauthenticated mail can be rejected outright with 550 5.7.26 rather than spam-foldered.

Start with small sends to recipients who know you and will open the mail. Google's own guidance is a daily volume increase of 25% to 100% depending on results, paced at consistent rates rather than bursts, with a slower ramp after any deferrals. There is no published fixed schedule; watch Postmaster Tools as volume grows.

Google's guidelines say to keep the spam rate reported in Postmaster Tools below 0.10% and avoid ever reaching 0.30%. Above 0.30% you also lose eligibility for mitigation until the rate stays below that line for 7 consecutive days. On a new domain's small volume, a handful of complaints crosses it.

It is a reasonable hedge. A subdomain separates a bulk stream's reputation from the mail your business runs on, and Gmail rates sending domains individually. It is not an escape hatch: Google's FAQ applies the sender requirements at the primary domain level, so a burned subdomain still drags the whole domain's standing.

No. Mail sent through Google's own servers still carries your domain's reputation and still falls under the sender guidelines. You need DKIM signing for your domain, SPF that covers Google's senders, a DMARC record, and the same gradual warm-up. Workspace mail from a cold, unauthenticated domain lands in spam too.

Related guides

Email deliverability, fixed: the full guide