How do you fix “Gmail: this message was not sent to Spam because of DMARC”?

Updated July 3, 2026

This banner means Gmail's filters were suspicious of the message, but the sending domain's DMARC setup (typically a p=none policy or a passing DMARC result) instructed Gmail to deliver it to the inbox instead of spam.

Why this happens

Gmail shows this banner when its spam filtering and the sender's DMARC disposition disagree. A common case: the message failed or looked spammy to Gmail's classifiers, but the From domain publishes p=none (“take no action on failures”), so Gmail honored the domain owner's stated policy and kept the message out of spam, while warning you it had doubts.

If you're the recipient, the banner is a caution flag, not a verdict. The message might be a legitimate newsletter with clumsy formatting, or it might be phishing from a domain whose owner hasn't locked DMARC down yet. Treat links and attachments in banner-flagged mail with the same suspicion you'd give anything unexpected.

If you're the sender and your recipients report seeing this banner on your mail, it means two things at once: Gmail's filters don't fully trust your messages, and your permissive DMARC policy is currently what's keeping them in the inbox. That's a fragile position. You're one policy evaluation away from the spam folder, and it's a signal to fix authentication and content reputation now.

How to fix it

  1. 1

    Work out which side of the banner you're on

    Recipients: skip to being careful with the message. Senders: get an affected recipient to use Gmail's “Show original” on the message and send you the Authentication-Results. You need to see the SPF, DKIM, and DMARC verdicts Gmail recorded.

  2. 2

    Check your authentication results

    In that header, look for spf=pass, dkim=pass, and dmarc=pass with your domain. If either SPF or DKIM fails or is unaligned, that authentication gap is feeding Gmail's suspicion. Fix the failing mechanism first.

  3. 3

    Fix the underlying trust problem

    If authentication passes, the suspicion is reputational: sudden volume spikes, spammy content patterns, poor list hygiene, or a shared IP with bad neighbors. Register for Google Postmaster Tools and check your domain reputation and spam-rate graphs.

  4. 4

    Tighten your DMARC policy when ready

    p=none is a starting point, not a destination. Once your DMARC reports show all legitimate sources passing, move to p=quarantine and then p=reject. A strict, well-aligned policy improves how receivers weigh your mail, rather than merely excusing it.

  5. 5

    Verify with your DMARC reports

    Run your aggregate reports through our DMARC report analyzer to confirm every legitimate source authenticates cleanly before and after any policy change. The banner should stop appearing as Gmail's confidence in your mail recovers.

Verify the fix

Run the check that corresponds to this error. You'll see the same red/amber/green verdicts mailbox providers effectively apply.

Open the DMARC report analyzer →

Preventing it next time

This banner is an early warning that your domain is coasting on a permissive policy rather than earning inbox placement. DMARCPath turns your raw DMARC reports into plain-English visibility (which sources pass, which fail, and when you're ready to enforce) so you tighten your policy on evidence and hear about authentication slips from us, not from a customer forwarding you a screenshot of the banner.

Frequently asked questions

Is a message with this banner safe to open?
Not automatically. The banner means Gmail had doubts but deferred to the sender's DMARC policy. Reading it is fine; be skeptical of links, attachments, and any request for credentials or payment.
Why does Gmail respect a policy that says “do nothing”?
DMARC lets domain owners declare how receivers should treat failures, and p=none explicitly requests no action. Gmail honors that but adds the banner so users know the delivery decision came from policy, not confidence.
As a sender, will moving to p=reject remove the banner?
It removes this specific banner path, since Gmail would reject or junk failing mail instead of delivering it with a warning. But do it only after your reports confirm all legitimate mail passes: p=reject with broken authentication means lost mail, not clean delivery.

Catch this before your customers do

DMARCPath watches your domain's authentication continuously and alerts you the day something breaks, not the week a customer mentions your emails stopped arriving. One domain free.

Start monitoring free →