2 posts tagged with "Emails"

Emails. General recommendations

· 2 min read
Siarhei Skalaban
Maintainer of StarterKit

Transactional emails such as password resets, account confirmations, or security alerts must reach the inbox quickly. Yet many companies see these messages flagged as “suspicious” or filtered into spam because of avoidable mistakes in email design and configuration. Below are five practical recommendations to improve deliverability and reduce false positives in systems like SpamAssassin.

1. Always Provide a Plain-Text Version

Spam filters penalize emails that contain only HTML. Even if your design is clean, missing a text/plain alternative suggests a marketing blast or phishing attempt.

Use multipart/alternative and include a simple plain-text body.

Keep it short, direct, and readable without styling.

2. Host Images on Your Own Domain

External image hosts (for example, blob storage or generic CDNs) can trigger phishing rules. Filters expect brand consistency between sender domain and hosted resources.

Store logos and assets on your company’s main domain or a branded CDN.

Avoid linking to images on third-party blob storage.

Links with long random strings or hex tokens are common in password reset flows, but filters can flag them as suspicious.

Use shorter, branded paths such as /rp/abcd1234 and resolve the token server-side.

Ensure all links are HTTPS and under your primary domain.

4. Balance Text and Design

Emails that are mostly layout, buttons, or images with little real text resemble spam campaigns.

Add explanatory sentences about why the email was sent.

Include a fallback option: e.g., “If the button doesn’t work, copy and paste this link.”

Sign off with company details or support contact information.

5. Avoid External Fonts

Custom fonts (Google Fonts, etc.) are often blocked and can raise spam suspicion.

Stick with system fonts like Arial, Helvetica, or sans-serif.

This keeps your email lightweight and compatible across clients.
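The checks behind recommendations 1, 2 and 5 and the HTTPS/primary-domain link rule, as an added example that is not part of the original post: it builds a constructed password-reset message and lints it before sending. `PRIMARY_DOMAIN`, the addresses, the asset path and the font heuristic are assumptions made for illustration.

```python
import re
from email.message import EmailMessage
from urllib.parse import urlparse

PRIMARY_DOMAIN = "example.com"  # assumption: the sender's own domain

def build_reset_email(short_code: str) -> EmailMessage:
    """Constructed sample: reset mail with text/plain and text/html parts."""
    link = f"https://{PRIMARY_DOMAIN}/rp/{short_code}"  # short branded path
    msg = EmailMessage()
    msg["From"] = f"Support <no-reply@{PRIMARY_DOMAIN}>"
    msg["To"] = "user@example.org"  # constructed recipient
    msg["Subject"] = "Reset your password"
    msg.set_content(  # plain-text body comes first
        "You asked to reset your password.\n"
        f"Open this link to continue: {link}\n"
        "If you did not request this, ignore this email.\n"
    )
    msg.add_alternative(  # turns the message into multipart/alternative
        '<body style="font-family: Arial, Helvetica, sans-serif">'
        f'<img src="https://{PRIMARY_DOMAIN}/assets/logo.png" alt="Logo">'
        "<p>You asked to reset your password.</p>"
        f'<p><a href="{link}">Reset password</a></p>'
        f"<p>If the button doesn't work, copy and paste this link: {link}</p>"
        "</body>",
        subtype="html",
    )
    return msg

def own_host(host) -> bool:
    return host == PRIMARY_DOMAIN or (host or "").endswith("." + PRIMARY_DOMAIN)

def lint(msg: EmailMessage) -> list:
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    types = [p.get_content_type() for p in msg.walk()]
    if msg.get_content_type() != "multipart/alternative" or "text/plain" not in types:
        findings.append("no text/plain alternative")
    html_part = msg.get_body(preferencelist=("html",))
    html = html_part.get_content() if html_part else ""
    for attr, url in re.findall(r'(href|src)\s*=\s*"([^"]+)"', html, re.I):
        u = urlparse(url)
        if u.scheme != "https":
            findings.append(f"non-HTTPS {attr}: {url}")
        elif not own_host(u.hostname):  # link or image hosted off the brand domain
            findings.append(f"off-domain {attr}: {url}")
    if re.search(r"@font-face|fonts\.googleapis\.com", html, re.I):  # heuristic
        findings.append("external font reference")
    return findings
```

Running `lint()` in the template test suite catches a regression, such as an HTML-only template or a logo moved to third-party storage, before the message reaches a spam filter.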

Paubox Configuration

· One min read
Siarhei Skalaban
Maintainer of StarterKit

Required

Additional steps

DMARC

DMARC helps prevent spoofing of your domain and builds trust with mailbox providers. It allows you to enforce alignment of SPF and DKIM, giving you control over how unauthenticated messages are handled.

List-Unsubscribe Header

Adding a List-Unsubscribe header makes it easier for users to safely opt out of emails. Major providers (like Gmail and Outlook) use this to display a clear “unsubscribe” option, which reduces spam complaints.

BIMI (Brand Indicators for Message Identification)

BIMI lets you display your official logo next to authenticated emails. While not a direct deliverability booster, it increases brand recognition and signals trust when combined with DMARC enforcement.

Recommendations

Read Emails. General Recommendations