How to troubleshoot corporate filters and gateways?

Still have a question, spotted an error, or have a better explanation or a source we should cite?

You've confirmed the email sent. Your authentication is clean. But somewhere inside a corporate network, a gateway is quietly eating your message. This is one of the most frustrating delivery problems in B2B email, partly because you rarely get a clear error back.

Here's how to actually work through it.

Step 1: Read the headers to identify the filter

If you get a bounce or a non-delivery report, open the raw email headers. Look for the filter vendor's signature. Common corporate gateways you'll see named there include Barracuda, Spamhaus, Proofpoint, Mimecast, and Microsoft 365 Defender. Each one has a different logic, different blocklists it checks, and different paths to resolution.

So if you don't get a bounce at all, that's a different problem. Your email was likely accepted by the receiving server but silently dropped or junked after delivery. That's Step 1 in a different workflow.

Step 2: Check the blocklists that corporate gateways actually use

Consumer mailbox providers like Gmail mostly rely on their own internal reputation signals. Corporate gateways are different. They pull from external blocklists, and they each have their own preferences. Barracuda has its own blocklist you can check and request removal from directly. Spamhaus is used widely across corporate environments. Proofpoint and Mimecast maintain their own proprietary reputation data on top of that.

Run your sending domain and IP through a blocklist checker to see if anything is flagged. You can use our free blocklist checker if you want a quick read. Clean results don't fully rule out a filter block, but they eliminate the most obvious cause fast.

Step 3: Rule out your own authentication

Corporate gateways are stricter about SPF, DKIM, and DMARC than most consumer inboxes. A soft SPF fail that Gmail ignores might trigger a hard block at a Proofpoint gateway. Check that all three are set up correctly and that your sending IP is actually covered by your SPF record. If you want to double-check your SPF, our free SPF checker runs through it in seconds.

Step 4: Accept that some things are outside your control

Now this is the part that's frustrating to hear, but it's true. Corporate gateways are configured by IT administrators, and those configurations can block entire categories of email regardless of how clean your sending reputation is. Some companies block all marketing email at the policy level. Others have custom rules that flag certain words, attachment types, or sending domains.

You won't know what those rules are, because IT admins don't publish them. (That's kind of the point.)

What you can do is ask the recipient to check with their IT team and request an exception or whitelist for your domain. It's an awkward ask, but in a genuine B2B relationship it's a reasonable one. Frame it as "our emails might be getting caught by your company's email security system" rather than "can you whitelist me." The first sounds like a shared problem. The second sounds like a workaround request.

Step 5: Separate your transactional and marketing sends

If you're sending both transactional messages (contracts, invoices, account notifications) and marketing email to corporate addresses, make sure those streams are separated. A Proofpoint gateway that's seen your IP associated with bulk marketing may apply more scrutiny to your transactional sends. Keeping them on different IPs or subdomains reduces that risk.

Corporate email troubleshooting rarely has a single clean fix. It's a process of eliminating causes until you find the one you can actually address. If you're stuck mid-investigation and want a second pair of eyes, our SOS hotline is free and we'll help you work through it.

Contributors

Who worked on this answer

Every name links to their profile. Every company links to their site. Real people, real accountability.

Ask an AI · tailored to your setup

Paste your bounce message or email headers and get a diagnosis

My emails are getting blocked by a corporate email gateway and I need help diagnosing it. Tell me: 1) Which corporate gateway is most likely blocking them based on bounce message or header details, 2) Which blocklists I should check first for my sending domain domain and IP IP address, 3) What authentication issues (SPF, DKIM, DMARC) are most likely to trigger a corporate filter block, 4) What I can realistically ask the recipient's IT team to do.

Edit the yellow boxes, then send to the AI of your choice.