Hi @Namo ,

When Splunk alert emails land in your junk/spam folder, it's usually an issue not with Splunk itself, but with how the email is being handled by your mail server, client, or spam filters.

If you control your mail client or domain filters:

• Add the From address to your safe sender list.

• Whitelist the Splunk server IP or domain in your Exchange / Outlook / Gmail policies.

Hi @Namo 

This is typically an email server/client configuration issue rather than a Splunk problem. The emails are being flagged as spam by your email provider's filters.

Are you able to add Splunk server to safe senders list? 

The other things to check are the email server reputation of the SMTP server configured in Splunk as bad reputation of email server can also cause your receiving server to flag as spam, the sending SMTP service should have proper SPF/DKIM/DMARC records to reduce being detected as spam.

🌟 Did this answer help you? If so, please consider:

• Adding karma to show it was useful
• Marking it as the solution if it resolved your issue
• Commenting if you need any clarification

Your feedback encourages the volunteers in this community to continue contributing

@Namo 

If Splunk is sending emails from a domain that lacks proper authentication (SPF, DKIM, DMARC), email providers may flag it as spam. Check this internally with your IT team. 

Ensure the sending domain is properly configured:

• SPF: Add Splunk’s sending IP to your domain’s SPF record.
• DKIM: Sign outgoing emails with DKIM if possible.
• DMARC: Set up a DMARC policy to monitor and enforce authentication

Junk folders are normally controlled by the email server (not Splunk). If the email server recognises it as (potential) junk, it will move it the junk folder. This is often based on whether the sender has a history of sending other "junk" email, the sender's address doesn't match the reply-to address, the email contains links to "unrecognised" sites, etc. There are many possible options. If you want this to be fixed, you should contact your email provider and ask them why the messages end up in junk and what can be done about recognising them as legitimate messages. If you share the email server with others, there may not be anything that the email provider is willing to do, as it might impact other users.

@Namo Check this https://community.splunk.com/t5/Splunk-Search/how-to-send-Splunk-email-alert-to-inbox-not-junk-mailb...