Who this is for: Ecommerce and SMB teams whose order confirmations, shipping notices, and receipts are missing, delayed, or routed to spam/promotions.
Why do order confirmations land in spam?
Mailbox providers run a risk model on every message. If identity is unclear, content looks promotional, or your domain reputation is noisy, even essential transactional emails get deprioritized.
Most common root causes
- Broken or missing authentication: DKIM not passing, SPF not authorizing your sender, or DMARC not aligned with your visible From: domain. Start here: DKIM in Mailpro.
- Mixed traffic: promos and confirmations share the same identity/IP; complaints from marketing spill onto confirmations.
- Over-designed template: image-heavy layout, many links, promotional copy in a transactional email.
- Reputation leaks: large imports, typo-heavy addresses, or stale lists hurt the same domain you use for confirmations.
- Envelope mismatch: Return-Path/bounce domain doesn’t match the visible From: identity.
TL;DR — The 10-minute fix
-
Create a transactional subdomain:
notify.example.comfor confirmations (keep marketing onmail.example.com). -
Authenticate & align: SPF authorizes sender; DKIM signs; DMARC aligns to
notify.example.com. - Use a clean template: text-first, one logo, order essentials only—no promotions.
- Send through a stable channel: Mailpro Email API or SMTP with TLS required.
-
Seed test + header check: verify
DKIM=passand DMARC alignment; log Message-ID ↔ Order-ID.
Fix identity: SPF, DKIM, DMARC (with alignment)
Mailbox providers need a cryptographically trustworthy identity tied to what the user sees in the From: line.
What “good” looks like
- SPF: your DNS record authorizes Mailpro for the transactional subdomain.
-
DKIM: all confirmations are signed with a 2048-bit key on
notify.example.com. Configure here: DKIM setup. -
DMARC: policy references
notify.example.com, aligning with the signed/authorized domain.
Tip: Keep From:, Return-Path, and DKIM domain aligned to notify.example.com. Misalignment is a frequent spam trigger.
Need broader deliverability context? See Mailpro’s deliverability tips.
Split marketing vs. transactional traffic
Don’t let a big promo drag down confirmations. Use separate domains/streams:
-
notify.example.com→ order confirmations, receipts, resets, shipping notices. -
mail.example.com→ newsletters, sales, lifecycle campaigns.
If you outgrew a shared pool, move confirmations onto a stable, low-noise stream via Email API or SMTP.
Make a “transactional-clean” template
Your confirmation should look like a receipt, not a flyer.
- Header: brand logo (small), “Order Confirmation #12345.”
- Essentials only: items, total, taxes, shipping/billing summary, order date/time, support/contact, order-status link.
- Keep HTML light: mostly text, a few links, no countdowns or big banners.
- No promos here: avoid sales language and discounts; that belongs to the marketing stream.
- Accessibility: alt text for the logo; clear, scannable structure.
Build once and reuse across locales with the Mailpro Newsletter Builder.
Enforce TLS, monitor, and alert
Confirmations contain personal data and must be protected in transit.
- Send via Mailpro Email API or SMTP with TLS required.
- Alert on TLS handshake failures, bounce spikes, and deferrals.
- For strict jurisdiction/privacy, host in Switzerland and get a DPA/GDPR basis in place.
Deliverability QA checklist (pre-send)
-
Transactional subdomain (
notify.example.com) live and delegated. - SPF authorizes Mailpro; DKIM=pass on seeds; DMARC aligned.
- Template is plain, accessible, and strictly transactional.
-
From:/Return-Path both on
notify.example.com. - SMTP/API uses TLS; alerts on failures and bounce spikes.
- Order-ID ↔ Message-ID stored in your app logs (correlate with Mailpro stats).
Confirmations landing in spam? Mailpro’s email authentication sets up SPF, DKIM and DMARC correctly — so order emails reach the inbox.
Troubleshooting trees (what to check first)
Tree A — Authentication fails
-
Check headers in a seed inbox: Is
DKIM=pass? Is the DKIM domain your transactional subdomain? - SPF include: Does your SPF record authorize Mailpro for that subdomain?
- DMARC alignment: Does the visible From: match the DKIM/SPF domain?
- Fix DNS, re-test; don’t proceed until alignment is clean.
Tree B — Auth passes but still spam
- Template: Remove promotional elements; reduce imagery; simplify links.
- Segregation: Move confirmations off marketing identity/IP.
- Volume/reputation: Smooth traffic spikes; suppress bounces/complaints immediately.
- Inbox-specific signals: Test Gmail, Outlook, Apple; adjust where persistent.
Tree C — Random missing confirmations
- Check app logs for send attempts, SMTP response codes, and Message-ID creation.
- Verify downstream processing (webhooks, ERP) didn’t interrupt send flow.
- Correlate order events to Message-IDs via the Email API.
- Set alerting on deferrals/timeouts; retry with backoff.
Case study: 48-hour recovery for a mid-market store
A fashion retailer saw a surge of “Where is my order?” tickets. Investigation showed confirmations were authenticated but routed to promotions/spam in Gmail and Outlook for ~22% of customers after a major sale.
What we changed
-
Moved confirmations to
notify.brand.com; kept marketing onmail.brand.com. - Hardened DKIM (2048-bit) and aligned DMARC to the transactional subdomain.
- Rebuilt the template: text-heavy, no promos, lean HTML.
- Implemented TLS enforcement and alerting; logged Order-ID ↔ Message-ID.
Outcome (14 days)
- Spam/promotions placement fell from ~22% to < 3% on seed tests.
- Support tickets dropped 41% week-over-week.
- Chargebacks from “no confirmation received” fell to near zero.
Copy-paste subjects, bodies, and headers
Subject lines (neutral)
- Your Order Confirmation #[{{order_id}}]
- We’ve received your order #[{{order_id}}]
- Receipt for Order #[{{order_id}}]
Plain-text body (minimal, deliverability-friendly)
Hello {{first_name}},
Thanks for your purchase. Your order #{{order_id}} was received on {{order_date}}.
Items: {{item_count}} · Total: {{order_total}}
Track or view details: {{order_link}}
Need help? Reply to this email or visit our help page.
— {{brand}} Support
Header alignment example
- From: [email protected]
- Return-Path: [email protected]
- DKIM-Signature d=notify.example.com
KPIs and thresholds to track
- Inbox placement on seeds: promotions/spam < 5%.
- Hard bounces: < 0.3% (suppress immediately).
- Complaint rate: < 0.1% (never include promos).
- Latency: confirmation sent within 60 seconds of checkout.
- Logging coverage: 100% of orders mapped to Message-IDs.
Next steps with Mailpro
- Authenticate SPF/DKIM and align DMARC on a transactional subdomain.
- Send via Email API or SMTP with TLS enforced and logging.
- Tune deliverability with our practical checklist.
- Swiss hosting and DPA/GDPR for compliance-ready operations.
FAQ
Why are my order confirmations going to spam?
Most often: broken SPF/DKIM, no DMARC alignment, mixed marketing traffic, and over-promotional templates. Fix identity, split streams, and simplify.
Do images or attachments cause spam?
Images aren’t bad alone, but image-heavy layouts look promotional. Avoid attachments; link to the order page instead.
Is DKIM alone enough?
No. You also need SPF, DMARC alignment, traffic segregation, TLS, and a transactional-clean template.
How do I prove delivery?
Store SMTP outcomes, DKIM pass, and the Message-ID, and map it to the Order-ID. Mailpro provides email stats; your app logs complete the audit trail via the Email API.
Mailpro and authenticating order emails
Order confirmations in spam? Fix it with proper authentication
Order emails get filtered when SPF, DKIM and DMARC aren’t set right. Mailpro configures all three for you, so confirmations and receipts land in the inbox where customers expect them.