How do corporate/enterprise filters behave differently from consumer ISPs?
Still have a question, spotted an error, or have a better explanation or a source we should cite?
You send a campaign, your consumer inbox rates look fine, but half your B2B contacts never saw a thing. Sound familiar? That's corporate filtering at work, and it plays by completely different rules than Gmail or Yahoo Mail.
Consumer ISPs like Gmail and Yahoo lean heavily on machine learning and engagement signals. They watch what millions of users actually do with your emails: open rates, click rates, spam reports, whether people move messages out of spam. Their filters get smarter over time based on collective user behavior. That's why reputation with consumer inboxes is something you build gradually by sending mail people want.
Corporate filters work differently at a fundamental level. Products like Barracuda, Proofpoint, Mimecast, and Microsoft 365 Defender sit in front of the inbox as gateway filters. They scan every message before it even reaches the mailbox. And critically, an IT admin at that company has configured the rules. A human made these decisions, not a collective user signal.
What kinds of rules does an IT admin set? Things like:
- Block all email from senders not on an approved list
- Quarantine any message with links to domains registered in the last 30 days
- Reject bulk mail categories entirely, regardless of engagement history
- Strip or flag attachments over a certain size or file type
- Block or quarantine messages that fail DMARC alignment
Notice what's missing from that list: your reputation with Gmail. A pristine consumer sender score means almost nothing if an enterprise's IT policy says "no unsolicited marketing from external domains." That's not a reputation decision. It's a policy decision. And policies don't care that your open rates are great.
Another key difference is visibility. Consumer ISPs give you feedback loops, bounce codes, and tools like Google Postmaster Tools so you can diagnose problems. Corporate environments often give you very little. A message might vanish into a quarantine folder your contact never checks, and you'll get no bounce at all. You just won't hear back.
What this means practically for B2B sending:
- Authentication is non-negotiable. SPF, DKIM, and DMARC alignment are table stakes. Many enterprise gateways reject unauthenticated mail outright before any other rule fires.
- Ask your contacts to whitelist your sending domain. This is genuinely the most reliable fix. If the person you're trying to reach wants your mail, they or their IT team can add your domain to the allow list.
- Keep your domain reputation clean. Even policy-based filters often check blocklists like Spamhaus as a first pass. A blocklist hit will stop you regardless of any other signal.
- Watch for silent failures. If you send to corporate addresses and see abnormally low engagement with no bounces, missing messages (not bounced, just gone) is a sign of corporate quarantine, not disinterest.
It's also worth knowing that corporate filters often behave differently per company, not per provider. Two companies both using Mimecast can have completely different policies because their IT teams configured things differently. There's no single "Mimecast behavior" the way there's a consistent "Gmail behavior." (That makes corporate deliverability harder to diagnose, but easier to fix once you identify the right contact.)
If your sending patterns look fine across consumer ISPs but B2B contacts keep going quiet, start with your authentication, then check your domain against major blocklists. Our free blocklist checker takes about 30 seconds and will tell you if you've got a reputation problem that's feeding into those corporate policy decisions.
Contributors
Who worked on this answer
Every name links to their profile. Every company links to their site. Real people, real accountability.