![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(179.20000000000002, 60%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMZ%3C/text%3E%3C/svg%3E)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(291.2, 38%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMP%3C/text%3E%3C/svg%3E)
When mail sent from a custom domain through Exchange Online lands in Gmail spam, it is typically caused by an authentication or reputation problem. Gmail heavily evaluates SPF, DKIM, and DMARC alignment, as well as sending reputation and message structure.
First confirm SPF is correct. Your domain’s DNS should contain a TXT SPF record that includes Microsoft 365. A typical record looks like:
selector1._domainkey.yourdomain.com CNAME selector1-yourdomain-com._domainkey.yourtenant.onmicrosoft.com
selector2._domainkey.yourdomain.com CNAME selector2-yourdomain-com._domainkey.yourtenant.onmicrosoft.com
If you have other senders (mail services, websites, etc.), they must also be included. If SPF fails or the sending IP is not authorized, Gmail will strongly penalize the message.
Next ensure DKIM signing is enabled in Exchange Online. Even if SPF passes, Gmail prefers DKIM-aligned messages. In Microsoft 365 you should enable DKIM for the domain after publishing two CNAME records. They usually look like:
selector1._domainkey.yourdomain.com CNAME selector1-yourdomain-com._domainkey.yourtenant.onmicrosoft.com
After the records propagate, enable DKIM in Microsoft 365 Defender or Exchange Admin Center.
Then configure a DMARC record. Without DMARC, Gmail has less trust in the domain and cannot verify alignment policies. A common starting record is:
_dmarc.yourdomain.com TXT "v=DMARC1; p=none; rua=mailto:******@yourdomain.com; fo=1"
Once you confirm authentication works, you can later move to stricter policies such as p=quarantine or p=reject.
You should also check the Gmail message headers for the authentication results. In Gmail open the message, choose “Show original,” and look for lines similar to:
spf=pass
dkim=pass
dmarc=pass
If any of those fail or show “softfail” or “none,” Gmail will often classify the message as spam.
Another common cause is domain or IP reputation. If the domain is new or has sent little email, Gmail treats it cautiously. Gradual sending and normal conversational replies can help build reputation. Avoid sending identical bulk emails from a new domain.
Also verify reverse DNS and sending infrastructure. With Exchange Online this is normally already correct, but issues can occur if messages are routed through another system or relay before Microsoft 365.
Finally check message content and formatting. Messages with only links, aggressive marketing language, or no plain-text part can trigger spam filtering even when authentication passes.
If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.
hth
Marcin