Knowledge Base

Emails land in spam/junk folder


Emails with a signature added by CodeTwo Email Signatures 365 land in the recipients' spam or junk folder.


The most common reasons and recommended solutions are described below.

Incorrect configuration of the SPF record

The most common reason for the above to happen is incorrect configuration of the SPF record in your domain's DNS. You SPF record needs to be updated by adding the CodeTwo SPF address so that Exchange Online Protection (EOP) does not flag emails processed by the CodeTwo cloud service as spam. The software cannot set this up automatically as customers might use different DNS providers.

To configure your SPF record, follow this article.

Your signature contains a link that may be considered unsafe (e.g. a shortened URL)

If your email or email signature includes a link that is classified as not safe by the mail server of your recipient, the whole message might end up in the spam or junk folder. Unsafe links are, for example, URLs shortened using popular URL shortening services. Some of the generic URLs created by such services are often used by spammers, and therefore these URLs can be blacklisted by mail protection systems such as EOP.

To prevent such issues, you can:

  • avoid using shortened URLs and other potentially harmful links in your emails and email signatures,
  • use link shortening services that offer URLs based on your domain name.

Your signature contains a link to a domain with an expired SSL certificate

When the SSL certificate you use with your website’s domain expires, your website may get blacklisted by certain anti-spam systems, e.g. the Microsoft’s anti-spam feature integrated into Exchange Online Protection (EOP). If, at the same time, the link to your website is included in your email signature(s) and your recipients use Microsoft 365 or Office 365 (although this may also apply to other email services), your messages will end up in their Spam/Junk folder because the system will consider them unsafe and/or suspicious. To make matters worse, the filtered-out emails may quickly grow in number because your replies and forwards will get blocked as well – no matter where the signature with the link is located in an email conversation. To solve the problem, you need to renew your SSL certificate and then ask an antispam service provider to remove your domain from their blacklist.


Your domain may not become blacklisted by all popular anti-spam systems at once, so do not get misled by the fact that certain systems do not treat your website as a phishing threat.

Was this information useful?