
Law firms and the undelivered-invoice problem

Your firm billed $48,000 in April. By July, $11,200 was still uncollected. Three of those invoices — worth $4,100 — never reached the client's inbox at all. Your billing system says "sent". Your client says "I never got it". They're both right.

Law firms run two email workloads simultaneously: confidential client communication (case updates, discovery responses, settlement offers) and high-volume billing (monthly statements, retainer replenishment notices, collections reminders). The first is low-volume and extremely high-stakes. The second is higher-volume and directly affects firm cash flow. Both have characteristic deliverability failure modes that most firms never diagnose.

TL;DR

Law firms need two sending identities: the main firm domain for client communication, under strict DMARC, and a separate billing subdomain for statements and collections. Both streams carry PDFs but treat them differently: confidential case PDFs need encryption-gateway integration, billing PDFs need a link-based alternative. Seed-test both streams weekly, with particular attention to corporate-client Microsoft 365 tenants.

Confidential case communication

The primary risk in case-communication email is not volume — it's that a single undelivered message can miss a filing deadline, a discovery cutoff, or a settlement window. Those failures produce malpractice exposure. Standard firm practice assumes email is reliable. It is not.

Failure modes in order of frequency:

  • Corporate-client Microsoft 365 tenants with aggressive third-party sender policies. The firm's email lands in quarantine and the client's IT team never releases it. The client doesn't see it for days.
  • Large PDF attachments (briefs, pleadings, discovery responses). Base64 encoding inflates an attachment by roughly a third, so a 15MB file produces a 20MB message; the large consumer receivers cap messages at 20–25MB and corporate tenants are often set lower, so anything over about 10MB risks deferral or a bounce, and anything over 20MB will bounce at most receivers.
  • Reply-chain fragmentation. An attorney forwards a thread to opposing counsel, who forwards to co-counsel, who cc's their client. Every hop that rewrites the message (a subject prefix, a footer disclaimer, a reformatted quoted body) invalidates the DKIM signature on the copy it forwards, and a forwarded copy cannot pass SPF for the original From: domain because it leaves someone else's server; unless each intermediary adds ARC headers, the final receiver sees an unauthenticated message from a domain it expects to authenticate, and the later messages in the chain start landing in spam.
  • Urgency and confidentiality language ("URGENT: privileged and confidential") that triggers spam classifiers even when the message is entirely legitimate.

Practical mitigations

  1. For every active matter, request that the client (or their corporate IT) whitelist the firm's sending domain during the matter-opening process. Build it into the engagement letter.
  2. Use a secure document-sharing portal (NetDocuments, iManage Share, Litera Transact) for any document over 5MB. Email becomes "logged into the portal, document X is available".
  3. Keep subject lines specific and free of urgency language. "Discovery response — Matter 2026-0341 Smith v. Jones" outperforms "URGENT: RESPONSE NEEDED" by a wide margin.

Billing statements and collections

Monthly billing at a 40-attorney firm might send 600–1,200 statement emails at month-end. Each statement is a PDF attached to a short "please find attached your invoice" email. The pattern is almost identical to invoice-fraud phishing, and spam filters score it that way.

Typical delivery numbers for firms that have never audited the billing stream:

  • Gmail consumer: 55–70% primary inbox, 20–35% Promotions, 5–15% Spam.
  • Outlook consumer: 60–80% Focused, 15–30% Other, 5–10% Junk.
  • Corporate Microsoft 365: 70–90% inbox, 5–20% quarantine, 2–10% junk.

A 10% non-inbox rate against 600 statements is 60 clients who have not seen their bill. If half of those bills would have been paid inside 30 days and now float into 60+ day receivables, firm cash flow slows materially.

The billing-subdomain pattern

Separate billing mail onto billing.firmname.com with its own sending infrastructure: its own SPF record, its own DKIM selector and key, its own DMARC record, and a MAIL FROM (Return-Path) on the subdomain so that SPF aligns. Warm it over 4–6 weeks if you're setting it up new, then use it exclusively for billing-related email. This keeps the financial-keyword scoring, and any reputation damage the billing stream picks up, away from the main firm domain, and gives you an isolated stream to monitor: a DMARC report for billing.firmname.com describes billing mail and nothing else.
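The records that pattern requires, as an added example that is not from the original page: a zone-file fragment for the billing subdomain and the matching main-domain record. firmname.com, the selector name bill2026, the IP range, the report mailbox and the truncated key are placeholders. The same set, with the name changed, serves a notices.firmname.com stream for mass notices.

```dns
; Added example (not from the original page): DNS records for a dedicated billing
; subdomain. Names, selector, IP range, mailbox and key are placeholders.

; 1. SPF for the subdomain: only the billing MTA (or ESP) may send as it.
;    The MAIL FROM / Return-Path of every statement must be @billing.firmname.com,
;    otherwise SPF cannot align with the From: header under DMARC.
billing.firmname.com.                      IN TXT "v=spf1 ip4:203.0.113.0/24 -all"

; 2. DKIM public key. The billing MTA signs with d=billing.firmname.com; s=bill2026.
;    A selector distinct from the main domain's lets the two keys rotate independently.
;    (Keys longer than 255 characters must be split into several quoted strings.)
bill2026._domainkey.billing.firmname.com.  IN TXT "v=DKIM1; k=rsa; p=MIIB...(public key, truncated)"

; 3. DMARC for the subdomain. p=none during the 4-6 week warm-up so the reports
;    show what is actually being sent; tighten to quarantine, then reject, once
;    the stream is clean. rua= may point at a firmname.com mailbox without an
;    external-authorization record because both names share the organizational domain.
_dmarc.billing.firmname.com.               IN TXT "v=DMARC1; p=none; rua=mailto:dmarc-rua@firmname.com"

; 4. Main domain. sp= governs subdomains that publish NO _dmarc record of their own
;    (hr.firmname.com, anything unused); without it they inherit p=. During the main
;    domain's own ramp (p=none or p=quarantine) sp=reject blocks spoofing of unused
;    subdomains immediately. billing. and notices. use their own records instead.
_dmarc.firmname.com.                       IN TXT "v=DMARC1; p=reject; sp=reject; rua=mailto:dmarc-rua@firmname.com"
```

After publishing, confirm what resolvers actually see with `dig +short TXT _dmarc.billing.firmname.com` and `dig +short TXT bill2026._domainkey.billing.firmname.com`; a missing or mistyped selector fails DKIM silently and only shows up in the aggregate reports.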

In the statement email itself, replace the attachment with a link to a client-portal view of the invoice. Clients log in once (SSO or magic link), see the invoice on-screen, download a PDF if they want, and pay online. The email that used to trigger phishing patterns now looks like a clean transactional notification. One caveat: "click here to view your invoice" is also the exact shape of an invoice-phishing lure, so the link must point at a firm-controlled host (the billing subdomain itself, not an ESP click-tracking domain), that host must be identical on every statement, and clients should be shown at engagement what the statement email and its link look like. Anything less trains clients to click links in lookalike mail.

Seed-test every billing template change

Before rolling out a revised billing-email template to all clients, drop it through a seed test. Inbox Check tells you exactly where the message lands at Gmail, Outlook (consumer Outlook.com and Microsoft 365 business tenants both matter here), Yahoo, and Apple Mail. It is common to find that a single subject-line change moves Gmail primary-inbox placement from around 60% to 85%.

DMARC and the impersonation risk

Law firms are regular phishing targets. Business Email Compromise (BEC) against firms often impersonates a partner and requests wire changes on a pending settlement or real-estate closing. The FBI's IC3 publishes recurring public service announcements on exactly this pattern, and BEC is consistently among the costliest categories in its annual reports.

The defence is strict DMARC on the main firm domain:

  • Start at p=none with rua reports going to a dedicated mailbox or a DMARC monitoring service.
  • Review reports weekly for two weeks. Expect to find 3–8 legitimate sending services you didn't know about (the HR tool, the CLE registration platform, the legal-research subscription).
  • Bring all legitimate services under SPF/DKIM with domains that align with the From: header, then move to p=quarantine; pct=10 (receivers apply quarantine to a 10% sample and treat the rest as p=none), ramp pct up over six weeks, then to p=reject.

At p=reject, any email claiming to be from the firm domain that isn't authenticated gets blocked before it reaches anyone, at every receiver that enforces DMARC (the major providers do; some smaller and self-hosted receivers still only report). That stops exact-domain impersonation, which is the scenario that puts clients' settlement funds at risk. It does nothing against a lookalike domain (a transposed letter, an added hyphen) or a partner's name as the display name on a free webmail address, so DMARC belongs alongside client education and out-of-band verification of every wire instruction, not instead of them.
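The weekly report review in the steps above is mechanical enough to script. The following is an added example, not code from the original page or from any DMARC product: it reads one aggregate (rua) report, applies DMARC identifier alignment to each record using the published adkim/aspf modes, and sorts sources into aligned, "authenticated but unaligned" (the forgotten HR tool or CLE platform, which needs onboarding), and unauthenticated (spoofing, which p=reject will stop). The report XML, the IP addresses, firmname.com, cle-platform.example and the KNOWN_SOURCES inventory are constructed placeholders. The same alignment function also shows the failure the FAQ describes for attorneys sending via personal webmail: a DKIM signature by gmail.com does not align with a From: of firmname.com under either mode.

```python
"""Added example (not from the original page or any DMARC vendor): summarise a
DMARC aggregate (rua) report, apply identifier alignment, and flag sending
sources the firm does not recognise. The XML, IPs, domain names and the
inventory are constructed placeholders."""
import xml.etree.ElementTree as ET
from collections import defaultdict

SAMPLE_RUA = """<?xml version="1.0"?>
<feedback>
  <report_metadata>
    <org_name>receiver.example</org_name>
    <date_range><begin>1714521600</begin><end>1714607999</end></date_range>
  </report_metadata>
  <policy_published>
    <domain>firmname.com</domain><adkim>r</adkim><aspf>r</aspf><p>none</p>
  </policy_published>
  <record>  <!-- the firm's own MTA: both identifiers aligned -->
    <row><source_ip>203.0.113.10</source_ip><count>412</count>
      <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated>
    </row>
    <identifiers><header_from>firmname.com</header_from></identifiers>
    <auth_results>
      <dkim><domain>firmname.com</domain><result>pass</result></dkim>
      <spf><domain>firmname.com</domain><result>pass</result></spf>
    </auth_results>
  </record>
  <record>  <!-- a SaaS tool sending as the firm but authenticating as itself -->
    <row><source_ip>198.51.100.7</source_ip><count>36</count>
      <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated>
    </row>
    <identifiers><header_from>firmname.com</header_from></identifiers>
    <auth_results>
      <dkim><domain>cle-platform.example</domain><result>pass</result></dkim>
      <spf><domain>bounce.cle-platform.example</domain><result>pass</result></spf>
    </auth_results>
  </record>
  <record>  <!-- nobody vouches for this source: spoofing -->
    <row><source_ip>192.0.2.99</source_ip><count>1500</count>
      <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated>
    </row>
    <identifiers><header_from>firmname.com</header_from></identifiers>
    <auth_results><spf><domain>firmname.com</domain><result>fail</result></spf></auth_results>
  </record>
</feedback>"""

KNOWN_SOURCES = {"203.0.113.10": "firm MTA"}  # placeholder inventory of approved senders


def org_domain(domain: str) -> str:
    """Organisational domain, simplified to the last two labels. Production
    code should use the Public Suffix List; without it co.uk-style names group wrongly."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(auth_domain: str, header_from: str, mode: str) -> bool:
    """DMARC identifier alignment: strict (s) is an exact match, relaxed (r) is
    the same organisational domain, so billing.firmname.com aligns with
    firmname.com under r but not s, and gmail.com aligns under neither."""
    a, h = auth_domain.lower(), header_from.lower()
    return a == h if mode == "s" else org_domain(a) == org_domain(h)


def summarise(xml_text: str, known_sources: dict) -> list[dict]:
    """One dict per <record>: message count, whether DMARC passes by alignment,
    whether the IP is inventoried, and which domains passed DKIM/SPF at all."""
    root = ET.fromstring(xml_text)
    pol = root.find("policy_published")
    adkim, aspf = pol.findtext("adkim", "r"), pol.findtext("aspf", "r")
    rows = []
    for rec in root.findall("record"):
        hfrom = rec.findtext("identifiers/header_from")
        dkim_pass = [d.findtext("domain") for d in rec.findall("auth_results/dkim")
                     if d.findtext("result") == "pass"]
        spf_pass = [s.findtext("domain") for s in rec.findall("auth_results/spf")
                    if s.findtext("result") == "pass"]
        ip = rec.findtext("row/source_ip")
        rows.append({
            "ip": ip,
            "count": int(rec.findtext("row/count")),
            "dmarc_pass": any(aligned(d, hfrom, adkim) for d in dkim_pass)
                          or any(aligned(s, hfrom, aspf) for s in spf_pass),
            "known": ip in known_sources,
            "authenticated_as": dkim_pass + spf_pass,
        })
    return rows


def triage(rows: list[dict]) -> dict:
    """Message totals per bucket. 'unaligned_service' is the forgotten HR/CLE
    tool: it authenticates as itself, so give it an aligned DKIM key or stop
    it sending as the firm. 'unauthenticated' is what p=reject will block."""
    buckets = defaultdict(int)
    for r in rows:
        if r["dmarc_pass"]:
            key = "aligned"
        elif r["authenticated_as"]:
            key = "unaligned_service"
        else:
            key = "unauthenticated"
        buckets[key] += r["count"]
    return dict(buckets)


if __name__ == "__main__":
    rows = summarise(SAMPLE_RUA, KNOWN_SOURCES)
    for r in rows:
        flag = "" if r["known"] or not r["dmarc_pass"] else "  <- passes but not in inventory"
        print(f"{r['ip']:>14} {r['count']:>5} pass={r['dmarc_pass']!s:5} "
              f"auth={r['authenticated_as']}{flag}")
    print(triage(rows))
```

Run it against a week of reports (many receivers send one gzipped XML file per day) and the "unaligned_service" bucket is the list of services to onboard before moving past p=none; a source that passes alignment but is not in the inventory deserves a look too, since it means something can already sign as the firm that nobody wrote down.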

Privilege, encryption, and deliverability

Many firms use an encryption gateway (Proofpoint Encryption, Zix, Virtru, or Microsoft 365 Message Encryption) for sensitive client communication. These gateways rewrite the message — the recipient gets an email saying "you have a secure message, click to read" with a portal link. That's functionally fine, but creates its own deliverability problems:

  • The notification email comes from the encryption provider's domain, not the firm's. Clients who aren't expecting it treat it as phishing.
  • The link goes to an unfamiliar domain. URL-rewriting and link-scanning systems (Microsoft Defender's Safe Links and similar) pre-fetch links to inspect them; if the portal link is single-use, the scanner's fetch consumes it and the client's own click fails.
  • Clients who never read the first encryption email train their filter to mark future ones as junk.

Mitigation: choose an encryption gateway that allows white-labelled sending from the firm's own domain (most modern options do), onboard clients with a clear explanation of the encryption workflow at engagement, and test the encryption-notification template through seed accounts before rolling it out.

Litigation-hold notices and mass communication

Large firms occasionally need to send mass notices — litigation holds to employees of a corporate client, class-action notifications, or bar-association communications. These look, to spam filters, indistinguishable from cold outreach: large recipient list, formal subject line, little prior sending history to the individual recipients.

For any send over roughly 500 recipients, route through a proper ESP (SendGrid, Postmark, Amazon SES) with a warmed sending domain dedicated to the use case. Send from notices.firmname.com or legalnotices.firmname.com. Include an unsubscribe link, plus the List-Unsubscribe and List-Unsubscribe-Post headers that Gmail and Yahoo now require of bulk senders (yes, even on mandatory notices; treat it as an opt-out of reminders, not of the original notice), and make sure the from-address display name is the firm, not an individual attorney.

FAQ

Our clients never complain about not receiving email — do we still have a problem?

Possibly yes. Clients who don't see email often don't know they didn't see it — they just assume the firm hasn't sent anything. The way to find out is a seed test against a representative set of receivers, including any major corporate clients' Microsoft 365 tenants.

Should we send case-update emails from the attorney's inbox or from a firm system?

From the attorney's inbox, for relationship reasons. But the sending path has to be the firm's mail server with proper SPF/DKIM alignment. The most common source of alignment failures is an attorney sending under the firm's domain from a personal Gmail or Outlook.com account via "Send mail as" or a client plugin: the message leaves through Google's or Microsoft's consumer servers, which are not in the firm's SPF record and do not sign with the firm's DKIM key, so neither identifier aligns with the From: domain and the firm's own DMARC policy ends up rejecting the attorney's mail.

How do we handle email to international clients whose ISPs filter aggressively?

Major international receivers (Gmail global, Outlook global, and specific regional providers like orange.fr, t-online.de, mail.ru) each have their own filter quirks. Seed-test specifically to the receivers your international clients use. Proton Mail and Tutanota recipients will often see your email only after manual allow-list addition — factor that into client onboarding.

Can we just tell clients to whitelist our domain?

Yes, and you should — in the engagement letter and again during matter opening. But that alone isn't enough. Corporate IT whitelists typically require the corporate client's IT team to action them, and individual clients often don't know how. Whitelist requests are one lever among many, not a complete solution.