email deliverability for ai agents: how to avoid the spam folder
AI-sent emails get flagged as spam more often than you'd think. Here's how to set up SPF, DKIM, and DMARC so your agent's emails actually arrive.
Your agent has its own inbox. It can compose thoughtful replies, follow up on threads, and coordinate with other agents on the reef. There's just one problem: half its messages are landing in spam.
This happens more often than you'd expect. When an AI agent starts snapping emails from a new address, inbox providers treat it with suspicion. The sending patterns look automated (because they are), the domain has no track record, and the content carries the telltale mathematical signature of language model output. Gmail's filters have trained on billions of these messages, and they're getting better at catching them every month.
The good news: email authentication is a solved problem. SPF, DKIM, and DMARC exist specifically to prove that your messages are legitimate. The bad news: most developers skip the setup, and their agents pay the price.
Why agent emails get flagged#
Spam filters in 2026 evaluate over 60 distinct features per message — sentence complexity, punctuation rhythm, sending velocity, header metadata, and behavioral signals from across the provider's entire user base. If 10,000 people mark a sender as spam within five minutes, that sender gets blocked globally within minutes.
AI agents hit several red flags simultaneously:
New domain, no reputation. When your agent sends from a freshly provisioned address, the sending domain has zero history. Inbox providers default to skepticism. Going from zero to hundreds of emails on new infrastructure rings alarm bells at every major ISP.
High-velocity patterns. Agents don't send email the way humans do. A human might send 20 emails a day with irregular timing. An agent processing a support queue might snap 200 in an hour at perfectly regular intervals. Spam filters notice these burst patterns and flag them, sometimes rejecting messages before even analyzing the content.
Content fingerprinting. Over 51% of all spam is now generated by language models. Gmail and Outlook have responded by training classifiers that detect the structural patterns of model-generated text. High "perplexity" scores — a measure of how predictable the word choices are — route messages straight to Promotions or Spam. Your agent's perfectly composed email might read like spam to a filter that's seen millions of similar outputs.
Missing authentication records. Google and Microsoft now enforce strict compliance at the SMTP level. Bulk senders exceeding a 0.3% spam complaint threshold or failing SPF, DKIM, and DMARC alignment face immediate rejection. Not delivery to spam. Rejection.
The three protocols you need#
Email authentication works through three DNS records that together prove your messages are legitimate. Think of them as the agent's credentials on the reef.
SPF (sender policy framework)#
SPF tells receiving servers which IP addresses are allowed to send email for your domain. When a message arrives claiming to be from agent@yourcompany.com, the receiving server checks the DNS for an SPF record and verifies the sending IP is on the list.
yourcompany.com. IN TXT "v=spf1 include:_spf.lobstermail.ai ~all"
The include directive delegates authority to LobsterMail's sending infrastructure. The ~all softfail tells receivers to accept but scrutinize messages from unlisted IPs.
Warning
Never use +all in your SPF record. It tells every server on the internet that they're authorized to send email as your domain. Also avoid stacking multiple SPF records — you're limited to one per domain, and duplicates cause authentication to fail entirely.
DKIM (domainkeys identified mail)#
DKIM adds a cryptographic signature to every outgoing message. The sending server signs the email with a private key, and the receiving server verifies it against a public key published in your DNS. If the message was altered in transit, the signature breaks and the email fails authentication.
lobstermail._domainkey.yourcompany.com. IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA..."
The selector (lobstermail) identifies which key to use, since you might have multiple services sending email for your domain. The p= value is the 2048-bit public key.
Tip
Always use 2048-bit DKIM keys. Most ISPs have moved to 2048-bit as the standard, and 1024-bit keys are increasingly considered insufficient for production use.
DMARC (domain-based message authentication, reporting and conformance)#
DMARC ties SPF and DKIM together and tells inbox providers what to do with messages that fail authentication. It also gives you visibility into who's sending email on behalf of your domain.
_dmarc.yourcompany.com. IN TXT "v=DMARC1; p=reject; rua=mailto:dmarc-reports@yourcompany.com; pct=100; adkim=s; aspf=s"
The p=reject policy tells receivers to reject messages that fail both SPF and DKIM. The rua tag specifies where aggregate reports get sent — these reports show you every server that tried to send email as your domain, which is invaluable for catching misconfigurations.
Warning
Don't jump straight to p=reject. Start with p=none to monitor for at least two weeks. Review the DMARC reports to confirm all legitimate sending sources are authenticated, then move to p=quarantine, and finally p=reject. Skipping this ramp-up is how you accidentally block your own agent's emails.
Domain reputation and IP warmup#
Authentication gets your messages past the front door, but reputation determines whether they reach the inbox or the spam folder. Inbox providers track two reputation signals: your IP address and your domain.
A new dedicated IP starts with a blank slate. Sending a thousand messages on day one from an unknown IP looks indistinguishable from a spam campaign. The standard warmup timeline is four to eight weeks — start with small volumes to your most engaged recipients, then gradually increase.
Domain reputation follows similar logic. The d= signature domain in your DKIM record builds its own reputation over time. Gmail has shifted toward weighting domain reputation more heavily than IP reputation, since domains are harder to cycle through than IPs.
For agents, this means the first few weeks of sending are critical. Consistent volume, low bounce rates, and minimal spam complaints build the track record that gets future messages delivered.
How LobsterMail handles this automatically#
If you're using a custom domain with LobsterMail, the authentication setup is handled during domain configuration. When you add your domain, LobsterMail generates the exact SPF, DKIM, and DMARC records you need to publish. No guessing at syntax, no wondering if you got the selector right.
On the default @getlobstermail.com domain, authentication is already configured. Your agent's messages are signed with DKIM, sent from SPF-authorized infrastructure, and covered by DMARC policy from the first message. The reef's shared reputation means your agent benefits from the collective sending history of every agent on the platform.
For paid tiers, LobsterMail provides dedicated IP addresses with managed warmup. Instead of manually ramping volume over weeks, the platform handles the gradual increase and monitors deliverability metrics in real time. If bounce rates spike or spam complaints tick up, the system adjusts automatically before your reputation takes a hit.
This is the advantage of infrastructure purpose-built for agents. When your agent pinches its own shell on LobsterMail, it inherits a sending environment that's already been warmed, authenticated, and monitored — so it can focus on communicating instead of fighting spam filters.
Tip
On LobsterMail's Builder tier, you get deliverability dashboards showing inbox placement rates, bounce rates, and spam complaint ratios for every address on your domain. If something drifts, you'll know before inbox providers start throttling you.
Quick checklist#
Before your agent starts snapping emails, make sure you've covered these basics:
- SPF record published — one TXT record listing all authorized senders, ending in
~all - DKIM signing enabled — 2048-bit key pair with the public key in DNS
- DMARC policy set — start at
p=none, ramp top=rejectover 2-4 weeks - Domain warmed up — gradual volume increase over 4-8 weeks for new domains
- Bounce handling active — remove invalid addresses immediately to protect reputation
- Complaint rate monitored — stay below 0.3% to avoid SMTP-level rejection by Google
- Content varied — avoid sending identical messages at regular intervals, which triggers pattern detection
If that feels like a lot to manage on top of building your agent, that's the point of using a platform that handles it. Your agent should be solving problems, not debugging DNS records.
The bigger picture#
Email deliverability isn't glamorous. Nobody gets excited about TXT records and DKIM selectors. But for an agent that relies on email to communicate with users, customers, or other agents, deliverability is the difference between working and not working. A message in spam is a message that doesn't exist.
The protocols are well-established. The tooling exists. The only question is whether you set it up correctly — or whether you let a platform that's already done the work handle it for you.
If you're running agents that send email, get the authentication right. Your agent's reputation on the reef depends on it.
Frequently asked questions
What are SPF, DKIM, and DMARC?
SPF (Sender Policy Framework) lists which servers can send email for your domain. DKIM (DomainKeys Identified Mail) adds a cryptographic signature to verify messages weren't altered. DMARC (Domain-based Message Authentication, Reporting and Conformance) ties them together and tells receivers what to do with messages that fail authentication.
Why do AI agent emails land in spam more often?
Agents trigger multiple spam signals simultaneously: new domains with no reputation, high-velocity sending patterns, regular timing intervals, and content that matches language model fingerprints. Modern spam filters like Gmail's evaluate over 60 features per message and are trained to detect these patterns.
Does LobsterMail handle SPF, DKIM, and DMARC automatically?
Yes. On the default @getlobstermail.com domain, all three protocols are pre-configured. For custom domains, LobsterMail generates the exact DNS records during setup — you just publish them with your DNS provider.
How long does domain warmup take?
Typically four to eight weeks, depending on your target volume and engagement rates. Start with small batches to engaged recipients and gradually increase. LobsterMail's paid tiers include managed warmup that handles this automatically.
What happens if I skip DMARC setup?
Without DMARC, inbox providers have no policy to follow when SPF or DKIM fails. Your messages are more likely to be filtered or rejected. Google and Microsoft now require DMARC for bulk senders, and non-compliance can result in SMTP-level rejection.
Should I use a dedicated IP or shared IP for agent email?
It depends on volume. Shared IPs benefit from collective reputation but give you less control. Dedicated IPs let you build your own reputation, but require warmup. LobsterMail provides dedicated IPs on paid tiers with managed warmup so you get the benefits without the manual work.
What's the maximum spam complaint rate I should target?
Stay below 0.3%. Google enforces this threshold at the SMTP level — exceeding it means your messages get rejected outright, not just filtered to spam. Monitor complaint rates closely, especially during the first few weeks of sending.
Can I use multiple SPF records for different services?
No. DNS allows only one SPF record per domain. If you use multiple email services, combine them into a single record using include directives. Duplicate SPF records cause authentication failures.
How do I check if my DNS records are configured correctly?
Use tools like dig, MXToolbox, or Google's Check MX tool to verify your SPF, DKIM, and DMARC records are published and syntactically correct. LobsterMail also validates your records during custom domain setup and alerts you if anything is misconfigured.
Does email authentication prevent prompt injection attacks?
No — authentication and prompt injection are separate concerns. Authentication proves your messages are legitimate to receiving servers. Prompt injection is about malicious content in incoming messages. You need both deliverability infrastructure and inbox security for a complete setup.
What's the difference between ~all and -all in SPF?
~all (softfail) tells receivers to accept but flag messages from unauthorized IPs. -all (hardfail) tells receivers to reject them outright. Use ~all to ensure DMARC can still evaluate messages that fail SPF. A hardfail can cause legitimate messages to be rejected before DMARC gets a chance to evaluate the DKIM signature.
Can my agent monitor its own deliverability?
On LobsterMail's Builder tier, deliverability metrics are available via API. Your agent can check its own inbox placement rates, bounce rates, and spam complaint ratios — and adjust its sending behavior accordingly. Learn more about integrating with webhooks vs. polling for real-time monitoring.
Give your agent its own email. Get started with LobsterMail — it's free.