Law Firm Email Deliverability
A potential client submitted your intake form. You never saw it.
They needed a lawyer. They found your firm, read through your practice areas, and filled out the consultation request form. The notification email went to your spam folder. They waited 48 hours, didn't hear back, and called the firm down the street. You lost a client worth $5,000-50,000+ because of an email you never received.
Google tightened their sender requirements in 2024, Microsoft started rejecting non-compliant email in May 2025... and most law firm websites, built by marketing agencies who handle design and SEO but not email infrastructure, were never configured for any of this.
By Valentin Bora. 25 years building for the web. Configured email infrastructure for sites handling 12M+ monthly visitors. 5.0/5 on Codeable (166 projects).
What it actually costs you
The client who doesn't hear back
calls another firm.
Someone needs a lawyer. They're stressed, they're Googling at 10pm, and they're looking for someone who responds quickly. They find your website, read your practice area pages, and fill out the intake form. That form generates an email notification to you. The email goes to your spam folder. You don't see it until three days later... if you see it at all. By then, they've already retained someone else. The client engagement that could have been worth $10,000-50,000 just went to a competitor who had their email working.
The math is straightforward. A personal injury case: $10,000-100,000+ in fees. A business litigation matter: $15,000-50,000. A family law case: $5,000-15,000. An estate plan: $3,000-5,000. Even at the low end, missing one intake form per month because the notification went to spam costs $36,000-60,000/year in lost revenue. And you're probably spending thousands per month on SEO, Google Ads, and legal directories to get those leads to your site in the first place.
It's not just the initial intake. If your site sends appointment booking confirmations (through Bookly, Amelia, or Gravity Forms), those might not be arriving either. A potential client books a free consultation, doesn't get the confirmation, isn't sure it went through, and either calls to double-check (wasting your receptionist's time) or just doesn't show up. Every no-show is 30 minutes you blocked out for nothing.
And consider the follow-up emails. You send a retainer agreement or engagement letter by email. It lands in spam. The client thinks you forgot about them. They call another firm "just to compare." You didn't lose them on merit... you lost them because an email didn't arrive. In legal services, where trust is everything, a slow or missing response destroys confidence before you've even had a conversation.
The worst part: you can't tell it's happening. The people who fill out your form and never hear back don't call to complain. They call someone else. The leads silently disappear and you blame the market, the ad spend, or the website design. The website worked fine. The email didn't.
Why this happens
Your website was built to look credible,
but nobody configured the email.
The agency handled design, not infrastructure
Law firm websites are usually built by agencies that specialize in legal marketing. They build an authoritative-looking site, set up intake forms, integrate with your phone tracking, and optimize for local SEO. Nobody configures DNS authentication because it's not in the scope... and frankly, most legal marketing agencies don't know how. The form works when they test it. Months later, Gmail tightens their filtering and the emails start disappearing. The agency either can't diagnose it or charges you for hours of guesswork.
Shared hosting, shared reputation
Your WordPress site is probably on a shared server with hundreds of other sites. When any of those sites send spam, the IP gets flagged. Gmail and Outlook don't distinguish between your legitimate client intake notification and the junk from the site next door. Same IP, same reputation. Your potential client's consultation request is guilty by association, and you have no control over it.
Missing or broken DNS authentication
SPF, DKIM, and DMARC are DNS records that tell email providers "yes, this message really came from my domain." A 2024 analysis of the top 1 million domains found that 39% lacked even a basic SPF record, and roughly 86% had no effective DMARC protection. Law firm websites are no exception. DNS is set up when the domain is registered, someone picks a hosting plan, and nobody touches it again until something breaks.
The rules just got stricter
Google and Yahoo started enforcing new sender requirements in February 2024... SPF and DKIM authentication, a published DMARC record, spam complaints under 0.3%. Microsoft followed in May 2025, starting to reject non-compliant mail outright. If your firm's website hasn't been configured for these requirements, your intake form notifications are increasingly likely to get filtered or bounced entirely. This is why the problem may have appeared recently even though nothing changed on your end.
Your intake forms rely on WordPress's broken mail system
By default, WordPress uses PHP's mail() function. No authentication, no verification, no way for the receiving server to confirm the message is legitimate. Every intake form submission, every appointment notification, every automated response from your firm's website goes through this same unauthenticated channel. Your practice management software (Clio, MyCase, PracticePanther) sends email through its own servers. But your website... where the intake form lives... uses PHP mail() unless someone configured it otherwise. And for most law firm sites, nobody did.
Law firm websites are typically straightforward to fix. One or two intake forms, maybe a booking plugin. DNS authentication, a proper sending service, and it's done within 24 hours. The ROI is obvious the first time you catch a lead you would have missed.
The numbers
One missed client per month pays for the fix 100x over.
What's a new client worth to your firm? A personal injury case on contingency: $10,000-100,000+ when it settles. A family law matter: $5,000-15,000. Business litigation: $15,000-50,000. Estate planning: $3,000-5,000. Criminal defense: $5,000-25,000. Even at the lowest end of any practice area, one client per month that you lose because the intake form email went to spam costs you more per year than you'd spend on a junior paralegal.
Think about what you spend to get those leads in the first place. Law firm PPC costs average $50-100+ per click in competitive markets. An intake form submission might cost you $200-500 in ad spend to generate. If that $500 lead generates a form submission and you never see it because the email went to spam, you just burned $500 and the lead. The fix costs $59. Once.
And then there's the referral cascade. A client you serve well refers two more. A client you never respond to tells people you ghosted them. In legal services, reputation is the business. Every unanswered intake form isn't just one lost client... it's the referrals that client would have sent your way for years. The lifetime value of a client relationship in legal services is often multiples of the initial engagement.
avg client value across practice areas
per click for legal PPC ads
global inbox placement (Validity 2025)
inbox rate with full authentication
The process
Six steps from broken to fixed.
This is the same process I follow on every engagement. Most fixes are done within 48 hours.
Run the free scan
Enter your domain on this site. You'll see exactly which SPF, DKIM, DMARC, and MX records are missing or broken.
Full diagnostic
I run SPF, DKIM, DMARC, MX, reverse DNS checks, scan 120+ blacklists, and assess your sending reputation.
You share DNS access
I'll need login or delegate access to wherever your DNS is managed... Cloudflare, GoDaddy, Namecheap, Bluehost, SiteGround, Hostinger, or Squarespace Domains.
DNS + sending service fixed
I configure SPF, DKIM, DMARC records and set up your sending service... SendGrid, Postmark, SES, or SMTP plugin.
Inbox placement verified
I send test emails to Gmail, Outlook, and Yahoo and confirm they land in the inbox. You get screenshots as proof.
Report + walkthrough
Loom video explaining what was broken and what I changed, plus a written report with all DNS records for your files.
About DNS access: I work with all major providers. If you're not sure where your DNS is managed, I'll help you figure it out. If you'd rather not share credentials, I can give you exact records to add yourself... but direct access means faster turnaround and fewer back-and-forth messages.
Next step
Find out what's broken
in 30 seconds.
Run a free scan on your domain. Checks SPF, DKIM, DMARC, MX, and who manages your DNS. Plain English, no account required.
Issues found? I'll fix them for $59.
- ✓ SPF, DKIM, DMARC, and MX record fixes
- ✓ DNS published and re-scanned to confirm
- ✓ 24–48 hour turnaround
- ✓ Money-back if I can't improve your setup
Complex multi-sender or WordPress SMTP setups? Book a call and we'll scope it together.
100% money-back guarantee
If you're not happy with the result for any reason, you get a full refund. No conditions, no hoops.
Who's fixing this
Valentin Bora
I've been building and managing web infrastructure for 25 years. I've configured email systems for sites handling 12M+ monthly visitors, including G4Media (Romania's largest independent news group, 3M+ monthly readers). Email infrastructure is something I deal with on nearly every project because it's one of the first things that breaks when a site scales... and one of the last things anyone bothers to check until customers start complaining.
I work through Codeable, an exclusive freelancer network where only 2% of applicants get in. Codeable holds a 4.8/5 on Trustpilot. My personal rating across 166 projects is 5.0/5.
years in web infrastructure
projects on Codeable
client rating
monthly visitors managed
"I've worked with many developers and engineers throughout my career. Valentin is amazing. I could sense his talent, knowledge, and experience immediately; which is typical of extremely bright developers yet also very rare."
Mike C."Above & beyond what was required. Not just capable but reliable and most of all, an absolute genuine pleasure to work with. Of all the developers I've worked with, this is an absolute 1st!"
Kiran B."This guy is a lifesaver! My business was crippled for almost three weeks. Once Valentin and I connected he had my problem solved in a few hours of work."
Tara N.All reviews from Codeable
Frequently asked questions
Things people usually ask me about this.
Why aren't my consultation request emails arriving?
Almost always authentication. Your WordPress site sends form notifications through PHP's mail() function on a shared server where hundreds of other sites share the same IP. Gmail and Outlook check that IP's reputation, and if any of those sites have been sending junk... your client intake notification gets lumped in. On top of that, most law firm websites are missing SPF, DKIM, and DMARC records. A 2024 analysis of the top million domains found 39% lacked even a basic SPF record, and about 86% had no effective DMARC. Google started enforcing stricter requirements in February 2024, Microsoft followed in May 2025. If your site hasn't been configured for these rules, your lead notifications are getting filtered.
Will this fix both our contact form and client intake form emails?
Yes. The fix is at the infrastructure level... DNS authentication and sending configuration. Once that's set up properly, every email your WordPress site sends goes through the same clean pipe: contact form submissions, client intake forms, appointment booking confirmations, document request notifications, newsletter campaigns, and anything sent by Gravity Forms, WPForms, Contact Form 7, or any other plugin. If WordPress sends it, the fix covers it.
Are there confidentiality concerns with email deliverability fixes?
I don't need access to your email content, client data, or case files. The fix is entirely at the DNS and sending infrastructure level... adding authentication records to your domain and configuring how your WordPress site routes email. I work in your domain's DNS settings and your WordPress admin panel. No client information is involved in the process. If you have specific compliance requirements, I'm happy to discuss them before we start.
We use Clio/MyCase/PracticePanther. Will this affect our practice management emails?
If your practice management software sends email through its own servers (most do), the fix won't interfere with it. But there's an important catch: when I set up DMARC for your domain, it creates an authentication policy that applies to all email sent using your domain name. If your practice management tool sends email as yourfirm.com but isn't included in your SPF and DKIM records, those emails could get blocked. I check for this during the diagnostic and make sure every legitimate sending source is properly authorized.
How fast will this be fixed?
Most fixes are done within 24-48 hours. Run the free scan first; if issues are found, I'll fix them for $59.
What if our emails still go to spam after the fix?
Then I keep working. It's not done until your intake notifications actually arrive in your inbox and your client communications reach their inbox. Most issues are resolved with DNS authentication and proper sending configuration, but sometimes there's something deeper... a blacklisted IP, or domain reputation damage from a previous owner. I'll find it and fix it. If for some reason I can't solve it, you get a full refund. That hasn't happened yet.
Do we need to change our hosting?
No. The fix works with whatever hosting you're on. I route your email through a proper sending service that bypasses your hosting server's mail system entirely. Your website stays where it is, your domain stays the same, nothing changes from a visitor's perspective. The only difference is that form notifications and client emails now go through a clean, authenticated channel instead of your shared hosting IP.
Our web agency said they'd handle it but the problem keeps coming back.
This is common. Web agencies typically know design, SEO, and maybe basic WordPress admin. Email infrastructure is a different specialization. They might install an SMTP plugin (which helps), but without configuring the DNS authentication records, it's only half the fix. The plugin routes email through a better service, but the receiving server still can't verify the message is legitimate without SPF, DKIM, and DMARC. I fix the root cause at the DNS level so it doesn't break again when email providers update their rules.
Your emails might be going to spam right now.
Find out in 30 seconds.
Run a free scan on your domain... checks SPF, DKIM, DMARC, blacklist status, and who manages your DNS. Instant results, plain English, no account required.
Every day your emails land in spam is a day you're losing clients.
Based in Europe (EET/EEST). Working hours overlap with US East Coast, UK, and Australia. Most fixes delivered within 24-48 hours regardless of timezone.
Last updated: May 2026