Mitigating High Spam Report Rates
Email providers and mailbox providers (Gmail, Outlook, Yahoo, etc.) track how often recipients mark messages as spam. If your complaint rate climbs too high, your sending domain or IP reputation can suffer, causing your authentication emails (OTPs, magic links, invites, and notifications) to land in spam folders or get blocked entirely. This guide walks through how to monitor for spam complaints, identify what's causing them, and put controls in place to bring your rate back down.
Why this matters
A high spam complaint rate doesn't just affect the flagged messages — it can degrade deliverability for all mail sent from your domain or through your configured connector, including business-critical emails like password resets and login links. Mailbox providers and email service providers (such as AWS SES, SendGrid, or your SMTP host) may throttle, pause, or suspend sending if complaint rates exceed their thresholds.
What you can do
1. Monitor bounces and complaints
Before you can fix a high spam rate, you need visibility into it.
- Use your email provider's native monitoring. If you've connected a custom email connector (AWS SES, SendGrid, or generic SMTP), use that provider's built-in bounce, complaint, and reputation tooling — for example, AWS SES suppression lists and Virtual Deliverability Manager, or SendGrid's suppression and activity feeds. These tools let you stop sending to addresses that have already bounced or complained, which is the single biggest lever for reducing your complaint rate.
- Review Descope Audit Logs. The Audit and Troubleshoot page in the Descope Console shows a record of messages sent through your project, which can help you correlate spikes in complaints with specific flows, templates, or time windows.
- Export and inspect flagged messages. If your provider supports it, pull the
.emlfile for a complained-about message and check its headers, content, and send path — the same approach used in troubleshooting email sending delays.
2. Diagnose what's causing complaints
Once you have data, look for patterns. Common root causes include:
- Unverified or scraped addresses. If your sign-up or contact form collects email addresses without verification, it may be exposed to bots or bad actors submitting addresses that don't belong to them, causing complaints from people who never asked for the email. Descope's OTP and Magic Link settings include an Allow Unverified Recipient Email Addresses toggle (off by default) — enabling it increases fraud and spam risk, so only turn it on if you have other verification controls in place. See the OTP settings and Magic Link settings docs.
- Excessive message volume to the same recipient. Sending too many OTPs, magic links, or retries to one address in a short window is a common trigger for spam reports. Descope lets you configure Number of Retries and Attempts Timeframe on both OTP and Magic Link authentication methods, which caps how many messages a single recipient can receive in a given period.
- Abuse or bot traffic driving sends. If bots or scripts are triggering sign-up, login, or password-reset flows at volume, this can flood addresses with unwanted email. Use the Check Rate Limit flow action (available on Growth and Enterprise plans) to rate-limit by IP, ASN, or device fingerprint (JA4) before an email is sent, which helps prevent both brute-force abuse and email spam.
- Missing or broken sender authentication. Emails sent without valid SPF, DKIM, and DMARC records are more likely to be flagged as spam or spoofed, and any spam that does slip through is more damaging to your domain's reputation. Verify these DNS records for the sending domain configured on your email connector.
- Sending from a domain users don't recognize. If emails come from a generic or unfamiliar sender address, recipients are more likely to mark them as spam simply because they don't recognize the sender. Configure a custom Sender Address and Sender Name on your SMTP, AWS SES, or SendGrid connector, using a domain your users associate with your brand.
- Template content that reads as spammy. Excessive links, images, or urgent/promotional language in the email body can trigger both spam filters and manual complaints. Review and simplify your custom email templates.
3. Implement changes
Based on your findings, make targeted changes, for example:
- Add or tighten retry/attempt limits on OTP and Magic Link methods.
- Add a Check Rate Limit action earlier in the flow to block automated abuse before an email is ever sent.
- Turn off (or add compensating controls around) unverified recipient sending.
- Fix SPF/DKIM/DMARC records for your sending domain.
- Simplify email templates and ensure any unsubscribe or opt-out mechanism your own emails reference is present and functional.
- Enable your email provider's suppression list so bounced or complained-about addresses are automatically excluded from future sends.
Roll out one change at a time where possible so you can measure its effect on your complaint rate before moving to the next.
4. Confirm the fix
After implementing changes, continue monitoring bounce and complaint data (via your connector provider's tools and Descope Audit Logs) to confirm the rate is trending down. If you're operating under a review or sending pause from your email service provider, be prepared to summarize:
- What caused the high complaint rate.
- What changes you made to your sending configuration or flows.
- Why those changes prevent the issue from recurring.
Keeping your complaint rate low going forward
Bringing your rate down once isn't the end of the work — mailbox providers and ESPs continue to track your reputation over time. Keep retry limits, rate limiting, and sender authentication in place, periodically review Audit Logs for unusual sending spikes, and re-evaluate your templates and verification settings whenever you change sign-up or notification flows.
If you continue to see elevated complaint rates after implementing these controls, contact Descope support for further assistance.