cyprian.
Writing index
fixes / launch-ready

How I Would Fix emails landing in spam in a Make.com and Airtable client portal Using Launch Ready.

The symptom is usually simple: the client portal sends the email, but it lands in Promotions, Spam, or never shows up at all. In a Make.com and Airtable...

How I Would Fix emails landing in spam in a Make.com and Airtable client portal Using Launch Ready

The symptom is usually simple: the client portal sends the email, but it lands in Promotions, Spam, or never shows up at all. In a Make.com and Airtable setup, the most likely root cause is not "email content" first, it is sender trust: missing SPF/DKIM/DMARC alignment, weak domain setup, or a sending pattern that looks automated and low reputation.

The first thing I would inspect is the sending domain and mail provider configuration, then the exact Make.com scenario that triggers the message. If the domain is not authenticated correctly, or if Make is sending through a shared or misconfigured mailbox, you can burn deliverability fast and hurt onboarding, payment receipts, and support load.

Triage in the First Hour

1. Check the sender address used by Make.com.

  • Confirm whether emails are sent from Gmail, Outlook, SMTP, SendGrid, Mailgun, Postmark, or another provider.
  • Look for mismatched "From", "Reply-To", and envelope sender values.

2. Open the DNS records for the sending domain.

  • Inspect SPF, DKIM, DMARC, MX, and any CNAME records used by the mail provider.
  • Confirm there are no duplicate SPF records or broken DKIM selectors.

3. Review recent email samples.

  • Pull 5 to 10 messages that landed in spam.
  • Compare subject lines, formatting, links, attachments, and personalization tokens.

4. Check Make.com scenario history.

  • Look for retries, partial failures, duplicate sends, or bursts of messages.
  • Identify whether one scenario is sending too many emails too quickly.

5. Inspect Airtable fields feeding the email content.

  • Verify there are no malformed names, empty variables, broken URLs, or hidden HTML artifacts.
  • Check if any field contains user-generated text that could trigger spam filters.

6. Review Cloudflare and domain routing if used.

  • Confirm the mail domain is not behind a proxy where it should not be.
  • Make sure redirects and subdomains are clean and intentional.

7. Check mailbox reputation signals.

  • Use Google Postmaster Tools or your email provider's dashboard if available.
  • Look for bounce rate spikes, complaint rate spikes, or low authentication pass rates.

8. Test one controlled send to Gmail and Outlook.

  • Send from a clean test record with minimal content.
  • Compare inbox placement across providers before changing anything else.
dig txt yourdomain.com
dig txt selector._domainkey.yourdomain.com
dig txt _dmarc.yourdomain.com

Root Causes

| Likely cause | What it looks like | How I confirm it | | --- | --- | --- | | SPF missing or wrong | Emails authenticate inconsistently | Check DNS TXT records and message headers | | DKIM not signing correctly | DMARC fails even when SPF passes | Inspect headers for `dkim=fail` or absent signature | | DMARC policy too weak or misaligned | Mail passes some checks but still lands in spam | Verify alignment between From domain and authenticated domain | | Shared or low-reputation sender | Good setup but poor inbox placement | Compare with provider reputation tools and test different sender addresses | | Spammy content patterns | Large images, too many links, aggressive wording | Review templates for trigger-heavy language and HTML issues | | Burst sending from automation | Sudden batch sends get filtered | Correlate Make.com run times with spam placement |

A cyber security lens matters here because email trust is part infrastructure and part identity control. If your portal sends from an unverified domain or leaks secrets into automation steps, you are not just hurting deliverability; you are creating a path for spoofing, phishing confusion, and support escalation.

The Fix Plan

1. Lock down the sender identity first.

  • Use a dedicated sending subdomain like `mail.yourdomain.com` or `notify.yourdomain.com`.
  • Do not send transactional mail from a personal inbox if you want stable deliverability at scale.

2. Repair SPF so only approved senders can send mail.

  • Keep one SPF record per domain.
  • Include only the providers you actually use through Make.com.

3. Enable DKIM signing through your mail provider.

  • Rotate keys if they are old or were copied from another environment.
  • Confirm DKIM passes on live test messages before changing anything else.

4. Add DMARC with reporting enabled.

  • Start with `p=none` if you need visibility first.
  • Move toward `quarantine` only after authentication passes consistently.

5. Clean up the Make.com scenario.

  • Remove duplicate send steps.
  • Add rate limits or batching if Airtable updates trigger multiple messages at once.
  • Ensure only one scenario owns each notification type.

6. Simplify the email template.

  • Reduce image weight and link count.
  • Avoid all-caps subject lines, urgency bait, fake personalization tokens, and heavy HTML tables unless needed.

7. Separate transactional mail from marketing mail.

  • Portal notifications should come from a transactional stream only.
  • If newsletters exist elsewhere in the business stack, keep them off the same sender identity.

8. Add monitoring before calling it done.

  • Track delivery success rates in Make.com plus mailbox feedback loops where available.
  • Set alerts for bounce spikes above 2 percent and complaint spikes above 0.1 percent.

9. Verify Cloudflare settings on related web assets only.

  • Do not proxy mail-related DNS records that should stay direct.
  • Keep SSL active on portal pages linked inside emails so recipients do not hit browser warnings after clicking.

10. Document secrets and ownership changes.

  • Store SMTP/API keys in environment variables only.
  • Remove hardcoded credentials from scenarios where possible.
  • Limit access to whoever actually needs to edit production automations.

If I were fixing this as Launch Ready work, I would treat it as a production trust issue first and a template issue second. That order avoids wasting time polishing copy while authentication remains broken underneath.

Regression Tests Before Redeploy

1. Authentication check

  • SPF passes on live sends.
  • DKIM passes on live sends.
  • DMARC aligns with the visible From domain.

2. Inbox placement check

  • Test delivery to Gmail, Outlook, iCloud Mail, and one corporate mailbox if available.
  • Acceptance target: at least 3 out of 4 land in Inbox or Primary folder on clean test accounts.

3. Content safety check

  • No broken links or mixed-content warnings.
  • No placeholder text like `[name]` or `[link]`.
  • No accidental secret exposure in email body or headers.

4. Automation behavior check

  • One Airtable update triggers exactly one email send.
  • No duplicate runs within 60 seconds unless intentionally configured.

5. Load behavior check

  • Simulate 20 to 50 portal events over 10 minutes if your workflow expects bursts.
  • Acceptance target: zero failed sends and no queue buildup beyond expected latency.

6. User experience check

  • The recipient sees clear branding from the same domain they expect to trust.
  • The email explains what happened in plain language with one primary action button only when needed.

7. Security check

  • Secrets are not visible inside Make modules logs or shared screenshots.

```

8e9f...redacted

This kind of token should never appear in plain text anywhere public-facing.)

8e9f...redacted

8e9f...redacted

8e9f...redacted

8e9f...redacted

8e9f...redacted

8e9f...redacted

8e9f...redacted

8e9f...redacted

8e9f...redacted

## Prevention

I would put guardrails around three layers: DNS trust, automation hygiene, and observability.

- DNS trust:
  - Keep SPF slim and accurate.
  - Rotate DKIM keys when providers change.
  - Use DMARC reports monthly to catch spoofing attempts early.

- Automation hygiene:
  - Review every new Make.com scenario before production use against a checklist: sender identity, rate limiting, error handling, retries, duplicates, secrets access.
-- Use versioned templates for portal emails so changes do not drift silently over time.

- Observability:
-- Alert on bounce rate above 2 percent for transactional flows.
-- Alert on complaint rate above 0.1 percent .
-- Log message IDs so support can trace one customer issue end to end without guessing .

- UX guardrails:
-- Tell users exactly what email address will receive notifications during signup .
-- Offer resend controls only after a delay to avoid accidental spam loops .
-- Show delivery status inside the portal so customers do not keep retrying .

- Code review guardrails:
-- Review changes that touch sender domains , webhook payloads , Airtable formulas , or HTML templates as production-critical .
-- Prefer small safe changes over rewrites when deliverability is already unstable .

## When to Use Launch Ready

Use Launch Ready when this problem is blocking revenue , onboarding , or support . If your client portal depends on reliable notifications , then bad inbox placement becomes a conversion problem , not just an IT problem .

Launch Ready fits best when you need me to fix this fast without turning your stack upside down .
- Domain , redirects , subdomains , Cloudflare , SSL .
- DNS records for SPF , DKIM , DMARC .
- Production deployment checks .
- Environment variables and secrets hygiene .
- Uptime monitoring .
- Handover checklist so your team knows what was changed .

What I need from you before I start:
- Access to domain DNS .
- Access to Cloudflare if used .
- Access to Make.com scenario editor .
- Access to Airtable base structure .
- Your current mail provider login .
- Three example emails that landed in spam .
- A list of who receives these emails and how often .

If you already have a working portal but inbox placement is hurting activation by even 10 percent , I would fix this before spending more on ads . Paying for traffic into a broken notification system just increases waste .

## Delivery Map

flowchart TD A[Founder problem] --> B[cyber security audit] B --> C[Launch Ready sprint] C --> D[Production fixes] D --> E[Handover checklist] E --> F[Launch or scale]

## References

- https://roadmap.sh/api-security-best-practices
- https://roadmap.sh/cyber-security
- https://roadmap.sh/qa
- https://www.cloudflare.com/learning/dns/dns-records/spf/
- https://support.google.com/a/topic/2752442?hl=en&ref_topic=2683820

---

## Take the next step

If this is a problem in your product right now, here is what to do next:

- **[Use the free Cyprian tools](/tools)** - estimate cost, score app risk, check launch readiness, or pick the right service sprint.

- **[Book a discovery call](/contact)** - I will tell you honestly whether you need a sprint or if you can DIY the next step.

*Written by Cyprian Tinashe Aarons - senior full-stack and AI engineer helping founders rescue, launch, automate, and scale AI-built products.*
Next steps
Pillar page Tools
About the author

Cyprian Tinashe AaronsSenior Full Stack & AI Engineer

Cyprian helps founders rescue, secure, deploy, and automate AI-built apps with production-grade engineering, launch systems, and AI integration.

Author bio