SpamAssassin scores explained: What email marketers need to know

Ivo Simeonov
· 19 min read · July 17th, 2023
If you're an email marketer, you've probably heard of SpamAssassin. To ensure your emails make it past the spam filter, it's a good idea to understand how SpamAssassin works and what the scores mean. Stick with us as we break it down in this guide!

Spam (emails, not the meat) is everywhere, and over the years email inboxes have evolved to do an amazing job at filtering it out and protecting us from spammers’ nefarious efforts. 

Sometimes, however, spam filters catch regular emails in their nets as well. This can happen if the sender of the email hasn’t properly set up certain configurations, or has unknowingly included content that might be spam-like. 

SpamAssassin is one framework that administrators and Internet Service Providers (ISPs) use to identify spam. The system is also used by email senders (and email verification tools like MailerCheck) to grade the “spamminess” of their own emails, catch any mistakes and improve deliverability. 

So what is SpamAssassin? How are scores calculated? And how can you keep a good SpamAssassin score? You’re about to find out!

What is SpamAssassin?

Apache SpamAssassin is an open-source platform primarily used to assess and filter email spam. It can be directly integrated with a mail server to automatically filter out spammy emails, or run by users for individual mailboxes.

Next to being a spam filter, SpamAssassin is also used by email senders to assess the deliverability of email campaigns. In fact, you’ll find that it’s integrated into many popular email deliverability and verification tools, including MailerCheck!

How SpamAssassin scores emails

SpamAssassin works by analyzing an email and giving it a spam score. The lower the score, the better, with anything above 5 being considered spam by default.

There are over 700 tests that SpamAssassin uses to detect spam, and a variety of techniques including Bayesian filtering, blocklists, DNS (Domain Name System), external programs and online databases. 

You don’t need to know about all of the SpamAssassin tests (phew), but it’s good to understand how a SpamAssassin score is calculated. Which is pretty simple!

A score is given for each attribute SpamAssassin checks. These show the likelihood that the email is indeed spam. Individual attribute scores are added to give you your overall SpamAssassin score.

  • 👍  Negative numbers are great, as this indicates the email is unlikely to be spam, and will keep your overall score down

  • 🙂  “0” is neutral, meaning that this factor has little impact

  • 👎  Positive numbers suggest possible spam

How do SpamAssassin scores impact email deliverability?

Many email inbox providers use SpamAssassin as part of their spam filtering process. This means getting a bad score can severely impact your deliverability. 

If your score is above 5, there’s a very high chance that your email will land in the spam folder rather than the main inbox. But that doesn’t mean a score under 5 will automatically land in the inbox, as it depends on the inbox administrator’s threshold, plus other factors they use to assess spam.

The lower your SpamAssassin score, the better

Mail server administrators or email providers can pick their own SpamAssassin score threshold. While the default score is 5, the SpamAssassin team encourages people to set a score they feel comfortable with and lower it accordingly.

Since administrators and email providers can set whatever value they see fit, it’s best not to settle for a score just under 5 and call it a day. Some email services or administrators might set their threshold to 3, which means an email that scores above 3, even though it is below the default of 5, will be rejected and will not arrive in their inbox.

For this reason, it’s important to aim for the lowest score possible. Aim for a score below 4, with your best bets lying between 0-2. Anything above 2 and you should be looking to fix whatever issues are causing tests to fail.

What’s the deal with negative SpamAssassin scores? (hint: they’re great!)

So now you know that a score between 0-2 is optimal, but what if your email score is negative?

At first, seeing a negative value as a SpamAssassin test result might be perplexing. But in fact, negative SpamAssassin scores are just what you should strive to achieve, if possible, because remember—the lower the score the better!

Though it’s not impossible to get a negative test score, it can be challenging. There are only two tests SpamAssassin runs by default that can provide negative scores:

  • DKIM_VALID 

  • DKIM_VALID_AU

DKIM stands for DomainKeys Identified Mail, and DKIM configuration is required by most ESPs when you create your account. These two tests add up to -0.2 in total—so make sure you have DKIM configured before you start sending!

There are other tests that can achieve negative scores, but the caveat here is that it is essentially impossible to get them from a sender’s perspective. 

The reason for this is that nearly all of these tests (shown in the table above the red line) will not be run unless the administrator of the recipient server chooses to add the sender’s address to their SpamAssassin’s allowlist.

Here’s a practical example:

You host a mail server and use SpamAssassin as part of your spam filtering solution. You want to allow all emails from [email protected] to be delivered with no limitations whatsoever, no matter how spammy they may be.

One easy way to do this is to add the sender’s email address to one of the allowlists that would trigger one of SpamAssassin’s “WHITELIST” tests (see table). This test then assigns a very impactful -100 score to the test result.

Achieving a score as low as -100 makes it virtually impossible for an email message to fail the check of this particular SpamAssassin instance, therefore gaining “safe passage” to where the message was originally addressed.

What SpamAssassin tests look for

SpamAssassin “reads” emails and runs tests to look for any attributes and patterns associated with spam. Every time it “reads” an email message, hundreds of tests are performed. They look for things like:

  • Spammy email content 

  • Presence on blocklists 

  • DKIM and SPF record configuration

  • Suspicious links and attachments

  • Spam related terms

  • Disallowed scripts

The tests also aim to verify the source of the message, and that the message hasn’t been altered in transit, by checking its DKIM signature.

It also takes into account the historical engagement of recipients who received emails sent by you. If there is a history of recipients not opening your emails but you keep sending to them anyway, this will have a negative effect on your SpamAssassin score (so it’s important to regularly clean your email list!). 

All these individual tests can be categorized into five main “areas”: header, body, rawbody, full and URI.

The two most common areas, and therefore the ones affecting the overall SpamAssassin score most, are the header and body of emails. 

  • The email header contains system information, usually hidden from view by default but still accessible if needed (e.g., for reporting abuse and tracking the sender, or other diagnostics)

  • The message body is the content that recipients see when they open the email

Once the test is completed, SpamAssassin assigns a score for each attribute based on their occurrence and calculates the overall score as described above. In the next section, we’ll have a look at an example of SpamAssassin test results.

Test complete: Your SpamAssassin results

Whenever a test is completed, SpamAssassin adds its results in the email header so the email server can read the results and decide to filter it out or let it go through.

If you’ve ever seen a SpamAssassin header, you might have confused it for a complex mathematical equation. Though there’s a lot happening, the most important parts to look for are the X-Spam-Level and X-Spam-Status headers.

  • X-Spam-Level: This displays your spam level with asterisks, with one asterisk displayed per point, rounded down. For example, if your overall SpamAssassin score is 4.3, it will display ****. If you score less than 1, for example, 0.5, it will display nothing.

  • X-Spam-Status: This value tells you whether your email is spam, displayed YES if it is, and NO if it isn’t. This is followed by your SpamAssassin score in numerals, for example, 4.3. It will also display the default score required, as well as the tests that were run.

If you use an email verification tool like MailerCheck, you don’t need to worry about figuring out this header information. 
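
For administrators who do want to read these headers directly, the Python sketch below parses X-Spam-Status and X-Spam-Level and checks the score against more than one receiver threshold. It is an added example, not code from the original article or from the SpamAssassin project; the sample message, the function names parse_spam_headers and verdicts, and the choice of 5.0 and 3.0 as thresholds (the default and the stricter value mentioned earlier) are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.policy import default

# Constructed sample (not from the article). The test list is folded across
# lines after a comma, as happens with long real-world headers.
SAMPLE = """\
X-Spam-Level: ****
X-Spam-Status: No, score=4.3 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
\tHTML_FONT_LOW_CONTRAST,HTML_MESSAGE,MIME_HTML_MOSTLY autolearn=no
\tversion=3.4.6
From: sender@example.net
Subject: constructed sample

body
"""

STATUS_RE = re.compile(
    r"(?P<flag>yes|no),\s*score=(?P<score>-?\d+(?:\.\d+)?)\s+"
    r"required=(?P<required>-?\d+(?:\.\d+)?)\s+tests=(?P<tests>\S*)",
    re.IGNORECASE,
)


def parse_spam_headers(raw_message):
    """Return the SpamAssassin verdict recorded in a message, or None if absent."""
    msg = message_from_string(raw_message, policy=default)
    status = msg["X-Spam-Status"]
    if status is None:
        return None  # not scanned, or the headers were stripped in transit
    # Folding leaves whitespace after commas; remove it so tests= is one token.
    flat = re.sub(r",\s+", ",", str(status)).strip()
    m = STATUS_RE.match(flat)
    if m is None:
        raise ValueError(f"unrecognised X-Spam-Status: {flat!r}")
    score = float(m["score"])
    return {
        "flagged": m["flag"].lower() == "yes",
        "score": score,
        "required": float(m["required"]),
        "tests": [t for t in m["tests"].split(",") if t and t != "none"],
        "level_header": str(msg["X-Spam-Level"] or "").strip(),
        # One asterisk per whole point, rounded down; nothing below 1.
        "level_expected": "*" * max(0, int(score)),
    }


def verdicts(score, thresholds=(5.0, 3.0)):
    """Map each receiver threshold to True if the message would be flagged there."""
    return {t: score >= t for t in thresholds}
```

On the constructed sample, the message passes at the default threshold of 5 but would be flagged by a receiver that has lowered its threshold to 3.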

How to test your SpamAssassin score with MailerCheck

MailerCheck’s Inbox Insights feature is a simple way to check your SpamAssassin score and act upon the findings.

Our tool displays your results in a clear table that includes a list of the factors that contributed to your score and an insightful description of each one. With this knowledge, it’s easy to make changes that will positively impact your deliverability.

Getting started is a breeze, just set up an Inbox Insights test and send your campaign to the unique email address provided. Our tool runs the test once it receives the email and displays the result in your dashboard. You’ll have your report in no time!

The SpamAssassin test is just one part of our overall content check. We analyze several other factors that help you avoid the spam filter, including: 

  • HTML validation test reviews your campaign’s HTML code to check for broken or missing HTML tag properties

  • Content check highlights words or phrases that could trigger spam filters

  • Link and images validation reviews all images and links to discover broken paths, missing alt tags, or profanity within file names 

  • Sender authentication test checks your SPF and DKIM records against email blocklists to ensure you send from an authorized domain and mail server

When combined, these tests are a powerful way to ensure that your campaigns land in your subscribers’ inboxes. 

Below you see an example of a SpamAssassin test result. This particular test email passed with a score of 1.4—a number SpamAssassin likes! Since the value is in the range of 0-2, the sender can go ahead and send the email as it is, with no improvement needed.

If the overall grade was high enough to suggest a problem, you’d just have to check the table for red numbers and optimize where needed.

| Warning | Description |
| --- | --- |
| URIBL_BLOCKED | The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [URIs: googleapis.com] |
| RCVD_IN_MSPIKE_H2 | Average reputation (+2) [185.249.220.136 listed in wl.mailspike.net] |
| FREEMAIL_REPLYTO_END_DIGIT | Reply-To freemail username ends in digit ( @gmail.com) |
| DKIM_ADSP_CUSTOM_MED | No valid author signature, adsp_override is CUSTOM_MED |
| HEADER_FROM_DIFFERENT_DOMAINS | From and EnvelopeFrom 2nd level mail domains are different |
| FREEMAIL_FROM | Sender email is commonly abused enduser mail provider |
| FORGED_GMAIL_RCVD | 'From' gmail.com does not match 'Received' headers |
| HTML_FONT_LOW_CONTRAST | HTML font color similar or identical to background |
| HTML_MESSAGE | HTML included in message |
| MIME_HTML_MOSTLY | Multipart message mostly text/html MIME |
| DKIM_SIGNED | Message has a DKIM or DK signature, not necessarily valid |
| DKIM_VALID | Message has at least one valid DKIM or DK signature |
| DKIM_VALID_EF | Message has a valid DKIM or DK signature from envelope from domain |
| UNPARSEABLE_RELAY | Message has unparseable relay lines |
| FREEMAIL_FORGED_FROMDOMAIN | 2nd level domains in From and EnvelopeFrom freemail headers are different |

Time to get practical: 8 ways to keep your SpamAssassin score low

That was a lot to digest, wasn’t it? If you’re reading this: You’re awesome! We’ve now arrived at the part where you can take actionable steps to keep your SpamAssassin score low.

But first, some great news: The likelihood of SpamAssassin marking a legitimate email as spam is very low. SpamAssassin has been one of the leading anti-spam frameworks for over 20 years, and is trusted by ESPs and ISPs alike. 

If you’re a genuine sender sending real emails you shouldn’t have much to worry about. 

That being said, there are a few things you should be doing to ensure your score stays low and you follow email marketing best practices. 

1. Authenticate your email

Email authentication is one of the most basic (and probably the first) things you can do to make your emails more trustworthy. It prevents spammers from acting as reputable sources in order to carry out a cyber-attack or other criminal activity, and requires senders to verify their domain.

When using an ESP, they’ll ask for you to configure your SPF and DKIM records during setup. Not doing so will have a direct impact on your SpamAssassin score. 

Another important detail here is that you should avoid using freemail domains to send out your campaigns (Gmail, Yahoo, etc.). This is common spammer behavior and is frowned upon, plus you will be able to only partially authenticate your emails.

2. Warm up your sender reputation

Spam filters care about reputation, sender reputation that is. And if you’ve made a bad one for yourself, there’s no getting into that inbox. SpamAssassin uses recipient engagement as part of its testing so it’s important to build your sender history and reputation for your IP address. 

To do this, ensure that you send out high-quality content to people who actually want to see it and will engage with it. In other words, make sure your subscribers have opted in to receive emails from you and you are regularly cleaning your email list. 

If you send out emails to people who aren’t interested or don’t exist, they’ll be ignored, marked as spam or bounce, which will harm your sender reputation. 

3. Run your emails through MailerCheck

Use the SpamAssassin score checker included in MailerCheck’s Email Insights feature to find out how likely your email is to be marked as spam and how you can improve your score. 

MailerCheck uses multiple spam filters and tactics to evaluate emails, with SpamAssassin results making up 20% of the overall score. 

As well as fixing up your emails, you can also verify your subscribers to make sure that your email lists are healthy and won’t have a negative effect on your sender reputation and SpamAssassin score. 

4. Use a reputable ESP

A good ESP will ensure that you’re following best practices in order to use their services, and they’ll help you to set up certain configurations such as DKIM and SPF. What’s more, with shared IPs, sender reputation has already been established, as it is built on the collective activity of all senders using the IP. 

It will also help you to create professional emails that are structured properly so as not to appear as spam.

5. Build up momentum and be consistent

Most spammers create new accounts and then send out bulk emails to as many email addresses as possible. So this kind of activity can be flagged as suspicious, even if the sender has good intentions. 

Start out slow, build up your activity, and be consistent to reassure spam filters that you’re legit. 

6. Keep an eye on blocklists

Email blocklists are lists of IP addresses, servers and domains that are suspected to have been used for spam. Inbox providers such as Gmail and Yahoo use them to identify which messages to send to the spam folder.

Ending up on an email blocklist has a terrible impact on your email deliverability. It’s good practice to monitor these blocklists so you can quickly remove yourself if listed. The good news is that getting delisted is relatively easy when you know how: find out more in this guide to email blocklist removal.

7. Don’t send image-only emails

While that graphic design might look great, it’s not going to make your email accessible. There are a variety of reasons why images might not be displayed in an email message, the most simple of all being that the recipient has images disabled. Low text:image ratios can add to your score, so try to stick to 60% or more text if this is an issue. 

Create emails that are a mix of text and images that complement each other, and remember to use alt text—yes, it’s for emails too—for an even better experience. 

SpamAssassin cannot yet analyze image contents, so the check that runs on images is in fact heavily influenced by this text description.

8. Stay away from spam words

It’s not just the obvious words that you need to avoid. There’s a whole list of words that are not recommended for use in emails as they come off as spammy. These include the more innocent examples of “buy”, “online degree” and “freedom”! 

You can use MailerCheck’s Email Insights feature to find all the words in your email that might be flagged as indicative of spam. 

Mission accomplished

SpamAssassin scoring can be quite a lot to wrap your head around. But Bayesian filtering aside, once you understand the scoring system and what it measures, it’s much easier to understand your results and how you can avoid landing yourself with an undesirable SpamAssassin score. 

Sign up to MailerCheck for free to start checking your SpamAssassin scores.

Have a question about SpamAssassin? Fire away in the comments!


Editor’s note: This post was originally published in 2021. We've updated it with more in-depth content.

Ivo Simeonov
I'm Ivo, Deliverability Manager at The Remote Company. I seek to enhance email deliverability for senders and keep our portfolio of ESP products SPAM and abuse free. I am also passionate about cutting edge technological advances, the digital financing (r)evolution and space exploration, colonization and commercialization.