Login Get Started →
// fix guide · HubSpot

Fix HubSpot emails going to spam

HubSpot's Send test email button mails from noreply@hubspot.com with the from name Marketing Email Preview Send. It bypasses your domain, your authentication, and your IPs entirely, so it proves nothing about spam placement. This guide covers what actually decides placement for HubSpot senders: the two DKIM CNAME records on your connected sending domain, the two separate sending paths (marketing email versus connected-inbox sales email), shared IP pools, tracking domains, and how to verify a real Send now campaign with Unspam.

Run a free spam test → How to test your sends
// why it happens

Why HubSpot emails land in spam.

01

Your entire DMARC pass hangs on two DKIM CNAME records

On shared IPs, HubSpot always sets the Return-Path to a subdomain of hubspotemail.net, so SPF passes for HubSpot's domain and can never align with yours. DMARC compliance therefore rests entirely on the two DKIM CNAME records created when you connect your sending domain under Settings > Content > Domains & URLs > Email Sending. If those CNAMEs are missing, deleted, or pointing at the wrong target, every campaign fails DMARC outright. Confirm the DKIM d= domain on a live send, not just in HubSpot's UI.

02

The test send said inbox, so you trusted it

HubSpot's Send test email goes out from noreply@hubspot.com with the from name Marketing Email Preview Send. It uses HubSpot's own infrastructure, not your connected domain, your DKIM keys, or your IP pool; HubSpot does this on purpose to protect your sending reputation. A test that reaches the inbox proves HubSpot can email you, nothing more. The only valid deliverability check is a real Send now campaign to seed addresses you control.

03

You are debugging the wrong sending path

HubSpot sends through two completely different routes. Marketing emails leave through HubSpot's sending network on shared or dedicated IPs, authenticated by your connected sending domain. One-to-one sales emails and sequences leave through your own connected Gmail or Microsoft inbox and ride that mailbox's reputation and limits. A fix for one path does nothing for the other: connected-domain DKIM will not rescue spam-foldered sequences, and warming your personal inbox will not fix a marketing campaign.

04

Shared IP pool reputation is not yours to control

Unless you buy the dedicated IP add-on (Marketing Hub Professional and Enterprise, sensible above roughly 100,000 emails a month per HubSpot's own threshold, with an automated 40-day warm-up), marketing email leaves on IP pools you share with other HubSpot customers. Pool reputation moves without you, and blocklist hits there are frequently not your incident. What you do control is domain reputation, which is why the connected sending domain, list quality, and engagement do the heavy lifting on HubSpot.

05

Your links run through shared HubSpot tracking domains

Marketing email links are rewritten for click tracking and carry long encoded _hsenc and _hsmi parameters, while sales and CRM emails wrap links through shared domains in the *.hs-sales-engage*.com family until a custom tracking domain is configured. Filters compare link domains against your From domain, and a shared redirector carries whatever reputation other senders gave it. Set the click tracking domain to one of your connected domains in your marketing email settings, and add a custom tracking domain CNAME for sales email.

06

You are mailing contacts HubSpot itself would suppress

HubSpot ships two safety systems senders fight instead of using. Graymail suppression skips contacts who never engaged and ignored your last 11 marketing emails, or engaged once and ignored the last 16. Contact quarantine blocks addresses tied to hard-bounce spikes, global bounce history, or suspicious form activity. If your campaigns only look healthy with those filters on, the list is the problem. Sunset the unengaged instead of unchecking the box.

// authentication

How HubSpot authenticates your mail.

HubSpot signs marketing email itself once your sending domain is connected, and the connect wizard now hands you SPF and DMARC TXT records alongside the two DKIM CNAMEs. On shared IPs only the DKIM pair creates DMARC alignment; the rest is supporting cast. Everything lives under Settings > Content > Domains & URLs, on the Email Sending tab.

record default the problem the fix
DKIM Until you connect your sending domain, marketing email is signed by HubSpot's shared identity instead of your From domain. Unaligned DKIM means DMARC fails on every campaign, because SPF cannot align on HubSpot's shared IPs, and your domain builds no reputation of its own. In Settings > Content > Domains & URLs, open the Email Sending tab, click Connect sending domain, and publish the two DKIM CNAME records HubSpot generates; verify the d= domain on a live send afterwards.
SPF On shared IPs the Return-Path (envelope from) is always a hubspotemail.net subdomain, so SPF is evaluated against HubSpot's domain and passes. SPF passes without alignment, so it contributes nothing to DMARC; reports showing SPF fail with DKIM pass are normal for HubSpot. Publish the SPF TXT record from the connect wizard (merge it into an existing SPF record rather than adding a second one), and know that SPF alignment is only available to dedicated IP customers, who must configure a custom envelope return path.
DMARC HubSpot does not publish DMARC for you; the record lives in your own DNS, and many portals never add one. Senders pushing 5,000+ emails a day to Gmail or Yahoo without DMARC get throttled or rejected under the February 2024 rules, and an enforcement policy with broken DKIM CNAMEs sends your own campaigns to spam. Publish v=DMARC1; p=none with an rua reporting address at _dmarc.yourdomain.com (the connect-domain wizard includes this TXT record), then tighten to quarantine or reject once reports run clean.
Tracking domain Marketing email links are rewritten with encoded _hsenc and _hsmi parameters, and sales email links route through shared *.hs-sales-engage*.com redirect domains. Link domains that never match your From domain read as phishing-adjacent, and shared redirectors carry the reputation of every HubSpot sender using them. Set the Click tracking domain to one of your connected domains under Settings > Marketing > Email, on the Tracking tab, and add a custom tracking domain CNAME (Sales Hub Starter and up) so sales and CRM links stop resolving through hs-sales-engage domains.
// test your real sends

How to test a HubSpot campaign with Unspam.

HubSpot's Send test email cannot tell you anything about placement: it leaves from noreply@hubspot.com with the from name Marketing Email Preview Send, on HubSpot's own infrastructure, skipping your connected domain, your DKIM keys, and your IP pool entirely. Unspam does not integrate with the HubSpot API. The workflow is a real Send now campaign to seed contacts, which is also the only test that measures the mail your subscribers actually receive.

  1. 01

    Get your Unspam seed address

    Start a spam test or inbox placement test in Unspam and copy the test address it generates. Placement tests include seed addresses across Gmail, Outlook, Yahoo, Zoho, ProtonMail and AOL.

  2. 02

    Create the seeds as contacts in a static list

    HubSpot only delivers marketing email to contacts, so add each seed via CRM > Contacts > Create contact and set it as a marketing contact (on marketing-contacts pricing, seeds count toward your billable tier; a handful rarely moves it). Put them in a static list named Deliverability seeds.

  3. 03

    Clone the campaign and point it at the seed list

    Clone the email you are diagnosing in Marketing > Email so the From address, content, and links stay identical. In the recipients step, select the seed list and uncheck Don't send to unengaged contacts, so graymail suppression cannot quietly skip your seeds.

  4. 04

    Send it with Send now, not Send test email

    Use the real send action so the mail leaves through your connected sending domain, your IP pool, and live click tracking, exactly like a customer send. A test send would leave from noreply@hubspot.com and measure nothing.

  5. 05

    Read the results in Unspam

    Check the spam score, placement per provider, and the SPF, DKIM and DMARC verdicts on the live send. DKIM should sign with your domain; SPF showing a hubspotemail.net Return-Path is normal on shared IPs. Client previews, the AI eye-tracking heatmap, and the AI fix assistant run on the same message.

// platform gotchas

HubSpot features that quietly affect delivery.

Graymail suppression skips recipients silently

The Don't send to unengaged contacts option excludes anyone who never engaged and ignored your last 11 marketing emails, or engaged once and ignored the last 16, based on the Sends since last engagement property. Skipped contacts are not queued for later, they are simply not mailed. Leave it on for production sends, but uncheck it when mailing fresh seed lists so the test actually goes out.

Quarantine is not a checkbox you can clear

HubSpot quarantines contacts tied to hard bounce spikes (around 15% across multiple sends, or a critically high rate on one), addresses with global bounce history across HubSpot's network, and suspicious form submissions. Quarantined contacts are unmailable until reviewed. Fix the source instead: verify imports externally, add CAPTCHA to forms, and turn on double opt-in.

Seed contacts touch marketing contacts billing

Marketing email only reaches contacts set as marketing contacts, and marketing contacts count toward your billable contact tier; cross the tier and HubSpot upgrades you automatically mid-cycle. A few Unspam seeds are negligible on their own, but create them as marketing contacts deliberately and prune them if you ever sit at a tier boundary.

A blocklisted shared IP is usually not your incident

Blocklist monitors regularly flag HubSpot's shared marketing IPs, and the listing is often about the pool, not you: SORBS listed HubSpot shared IPs essentially on principle, with negligible real-world bounces, until the list was decommissioned in June 2024. HubSpot's deliverability team handles listings with reputable operators like Spamhaus and SpamCop. Use Unspam's blacklist monitoring to watch your own domain and react to domain listings, not pool noise.

// FAQ

HubSpot deliverability, answered.

Why do HubSpot test emails land in spam while real campaigns reach the inbox, or the reverse?

Because they are different mail. Test sends leave from noreply@hubspot.com with the from name Marketing Email Preview Send, on HubSpot's infrastructure, without your connected domain, DKIM keys, or IP pool. Filters score that combination on its own merits. Only a real Send now campaign to seed addresses shows where customer mail lands.

My DMARC reports show SPF failing on every HubSpot campaign. Is something broken?

No, that is how HubSpot works on shared IPs. The Return-Path is always a hubspotemail.net subdomain, so SPF passes for HubSpot's domain but never aligns with yours, and DMARC passes through DKIM alone. If DKIM also shows unaligned, fix the two CNAME records on your connected sending domain; that is the actual emergency.

Marketing emails deliver fine, but my sequences go to spam. Why doesn't the domain fix help?

Sequences and one-to-one sales emails do not use HubSpot's sending network at all. They leave through your connected Gmail or Microsoft inbox and inherit that mailbox's reputation, sending limits, and history. Connected-domain DKIM only authenticates marketing email. Diagnose sequences like personal mail: mailbox reputation, daily volume, link wrapping through hs-sales-engage domains, and content.

Can Unspam connect to my HubSpot account and test campaigns automatically?

No. Unspam does not integrate with the HubSpot API or any other ESP API. You create Unspam's test address as a contact, send a real campaign to it, and read the results in Unspam. With HubSpot that limitation is the point: anything other than a real send leaves from noreply@hubspot.com and measures nothing about your setup.

Should I buy HubSpot's dedicated IP add-on?

Only if you send well above 100,000 marketing emails a month, the threshold HubSpot itself suggests. It is an add-on for Marketing Hub Professional and Enterprise, with an automated 40-day warm-up that gradually shifts traffic off the shared pools. Below that volume a dedicated IP starves and performs worse than the managed shared pool. Authentication, list hygiene, and engagement come first.

Do seed addresses raise my HubSpot bill?

They can, slightly, on marketing-contacts pricing. Marketing email only reaches contacts set as marketing contacts, and those count toward your billable tier, with automatic tier upgrades if you cross the line. A handful of Unspam seeds will not move a tier by itself. The free Unspam tier covers 10 spam tests and 3 inbox placement tests a month with no card; paid plans start at $9 per month with a 14-day refund.

HubSpot platform details were verified against publicly available documentation in June 2026 and may have changed since. HubSpot is a trademark of its respective owner. Unspam is not affiliated with or endorsed by HubSpot.

// see where you land

Test your next HubSpot campaign before your subscribers do.

Start a free spam test → Inbox placement test