What is quarantine?
Still have a question, spotted an error, or have a better explanation or a source we should cite?
You send an email. It doesn't land in the inbox. It doesn't land in spam. It just... disappears. That's quarantine.
Quarantine is where suspicious messages sit in limbo while a security system decides what to do with them. Corporate email gateways (like Barracuda or Microsoft's Exchange Online Protection) use quarantine to catch phishing, malware, and policy violations before they reach employees. The message isn't deleted, and it isn't delivered. It's held for review.
Here's what makes quarantine different from spam. When your email lands in spam, the recipient can still find it (if they check their spam folder). When your email gets quarantined, the recipient never sees it at all. IT admins review quarantined messages and decide whether to release them, delete them, or leave them in holding.
From a sender's perspective, quarantine is one of the worst outcomes. Your bounce logs won't show it (the gateway accepted the message). Your deliverability reports won't flag it (it didn't hard bounce). But your recipient never got the email. This is why corporate email is harder to reach than consumer inboxes like Gmail or Outlook. Consumer systems mostly use spam folders. Corporate systems quarantine aggressively.
Common triggers for quarantine include missing or broken authentication (no SPF or DKIM), suspicious links (especially URL shorteners or newly registered domains), attachment types that trigger security policies (like .exe or .zip files), and sender reputation issues (your domain or IP is flagged somewhere).
If you're sending transactional email (password resets, receipts, shipping notifications), quarantine can break your user experience. Someone tries to reset their password, the email gets quarantined, they never receive it, and they assume your system is broken. That's why authentication matters so much for transactional senders. A missing DKIM signature can be the difference between inbox and quarantine.
You can't prevent every quarantine (corporate security policies vary wildly), but you can reduce the risk. Authenticate your domain properly. Avoid URL shorteners and sketchy link practices. Warm up new IPs and domains slowly. Keep your lists clean so you're not triggering spam traps. And if you're sending to corporate addresses, test your setup with our Email Header Analyzer to make sure your authentication passes (or ask us if you're stuck with it ;)
Contributors
Who worked on this answer
Every name links to their profile. Every company links to their site. Real people, real accountability.