Every week I audit 20-30 small business domains as part of our email deliverability service. The numbers are consistent enough that I want to share them.
What We Find (In Numbers)
Out of every 100 small business domains we audit:
-
68 have no DMARC record (or one with no
rua=reporting address — which means it's also useless) - 41 have an SPF record that is either too permissive, broken, or completely missing
- 29 are missing DKIM entirely, or have a DKIM selector that no longer matches their current email provider
- 18 have all three problems simultaneously
The businesses with all three problems have an effective spam-delivery rate above 35%. That means more than 1 in 3 emails they send — quotes, follow-ups, invoices, appointment confirmations — never reaches the inbox.
The Business That Doesn't Know It Has a Problem
Here is the pattern we see most often:
A home services company (HVAC, roofing, plumbing) switches email providers 2 years ago. They set up the new SPF record. Nobody updates the DKIM selector. The old one is still in DNS pointing nowhere. The new one from the current provider is not in DNS at all.
The owner sends a quote on Tuesday. The quote lands in the client's spam folder. The client never sees it, goes with another contractor who quoted the same job. The owner thinks the lead just "wasn't serious."
This happens dozens of times per year at small businesses with broken email authentication. It is silent — no bounce notice, no error. The email just vanishes.
The Fix Takes One Afternoon
Once you know what to fix, the actual work is straightforward:
- Identify your current email provider (Google Workspace, Outlook 365, Mailchimp, etc.)
- Get the SPF include string from their support docs — it takes 2 minutes to find
- Enable DKIM in your email provider's admin panel — usually one click, then copy the DNS value
-
Add a DMARC record starting with
p=none; rua=mailto:youremail@yourdomain.com
The tricky part: if you use multiple services (CRM, transactional email, newsletter tool), each one needs its own DKIM selector in DNS, and your SPF record needs to include all of them without going over the 10-lookup limit.
That is where most businesses get stuck — not because it is hard, but because nobody explained that the 10-lookup limit exists and that include: chains count toward it.
What Gets Fixed When You Fix This
From our client data, businesses that go from broken authentication to fully configured typically see:
- Open rates increase by 15-25% (fewer legitimate emails landing in spam)
- Bounce rates drop significantly (fewer soft bounces from authentication failures)
- Google Postmaster reputation goes from "low" to "medium" or "high" within 30-60 days
- Invoice and quote emails are more likely to be seen the day they are sent
The ROI calculation is simple: if you are a contractor who sends 40 quotes per month and 30% of them are landing in spam, fixing deliverability means 12 more quotes read per month. If your close rate is 25%, that is 3 additional jobs per month from a one-afternoon fix.
How We Help
We run this audit for free. You give us your domain, we check every DNS record, test DKIM alignment, check your domain against major blocklists, and send you a report.
If you want the fix handled for you rather than doing it yourself, we offer that too — flat fee, done in 24-48 hours, no recurring cost unless you want ongoing monitoring.
Drop your domain in the comments or reach out directly and I will run the audit.
What email provider does your business use? Drop it in the comments — I will tell you exactly which DNS records you need.
Top comments (0)