Our domain sendx.io was set up four years ago, and we have been using GSuite to communicate within the team. We never expected our emails to land in the spam box.
We have been in the email deliverability space for over two years now. Proper authentication (SPF/DKIM/DMARC records), maintaining server and domain reputations, etc., have been like the back of our hands.
But when we added DMARC records… we noticed that something was not right.
I once joined a Zoom call and sat there for ten minutes munching my makhanas… alone. Everyone invited to the meeting said they didn’t get an invite in the first place. (Note to self: check if people accepted the invite next time.)
The bigger issue was: where were the calendar invites from a four-year-old domain managed by email experts actually going?
That was the moment my detective hat went on. I could almost hear the words, “Daya, pata lagao ye mail gaya to gaya kahan” (meaning: “Find out where these emails actually went”).
This was a big issue because calendar emails are crucial for sales calls as well. Internally, we can ping people on Slack or WhatsApp, but that’s not possible for client calls. And if a sales call doesn’t happen, you’ve just left a big bag of cash on the table and walked away
When we started investigating, we couldn’t find a clue at first. Everything looked perfect. Let me show you what I mean.
We knew our GSuite emails were properly authenticated. Still, we double-checked everything instead of assuming all was fine.
We checked each and every mail to confirm if DMARC was passing. The result: Yes, they were. See the screenshot below.
Then, we thought that the problem could be with just the Google apps related emails e.g. Google calendar or Google drive related mails, which need special changes for them to work.
But even those seemed perfect.
Here is our gorgeous-everything-fine screenshotBut were still landing in the spam box.
Then on some of the emails, we saw the dreaded yellow banner telling that authentication failed.
What went wrong with this one? Why was DMARC FAILing?
Here is our not so gorgeous-something-broken screenshot*cue dramatic sad music in my head*
Were different inboxes on the same domain configured differently? Definitely not.
I was ready to make a sacrifice to the gods of bugs. But then resorted to less dramatic stuff - took a shot of tequila, an ice-cold shower, and started the week-long search.
We started from the first obvious place - Google. And found people who faced similar questions & posted in the forums asking for help. Here is that link: https://support.google.com/a/thread/14276582?hl=en.
I took a hopeful sigh.
But it was too soon for that.
Because from there we were led to this page - https://toolbox.googleapps.com/apps/checkmx/.
Which again added to our confusion since OUR CHECKS WERE PASSING!
My wtf/minute was now increasing.
We realized we had to go back to the basics and start from scratch.
We looked at everything related to DKIM setup for the sendx.io domain—how it’s implemented, which services it applies to, and whether we should expect DMARC failures for Calendar and other Google apps but not GSuite emails.
We opened the admin console totally sure that there’s nothing wrong.
Clicking one link after the other.
*cue soothing zen music*
Apps → GSuite → Gmail → Authenticate Email — everything was exactly as it should be. We even checked the DKIM value and matched it with our DNS record. All good.
Then I noticed the Start Authentication button.
Confused look on my face.
I clicked it, sent a GSuite email, and noticed one difference
Now, DKIM passed with the domain sendx.io instead of google.com. If you look back at the previous screenshots, DKIM had passed earlier, but with the domain google.com.
Here is our where-were-you-all-this-while screenshotWe sent Calendar invites and noticed the same thing—DKIM passed with the domain sendx.io, and DMARC passed too.
It was amazing to finally catch the bug—our very own “eureka” moment. I went from a cussing machine to a complete zen monk, while others danced in joy.
In this case, Google’s authentication messages were the culprit. We had never actually passed DMARC in the first place. DKIM needed to pass with our domain (sendx.io) for DMARC to succeed.
If you ever expected a mail from us and didn’t get it, don’t think we’re rude—the email might just have landed in your spam folder instead.
But that’s not going to be the case anymore. Solving this issue and knowing our emails are finally safe from the spam box feels absolutely amazing.
