SpamAssassin scores explained: What email marketers need to know

Spam (emails, not the meat) is everywhere, and over the years email inboxes have evolved to do an amazing job at filtering it out and protecting us from spammers’ nefarious efforts. 

Sometimes, however, spam filters catch regular emails in their nets as well. This can happen if the sender of the email hasn’t properly set up certain configurations, or has unknowingly included content that might be spam-like. 

SpamAssassin is one framework that administrators and Internet Service Providers (ISPs) use to identify spam. The system is also used by email senders (and email verification tools like MailerCheck) to grade the “spamminess” of their own emails, catch any mistakes and improve deliverability. 

So what is SpamAssassin? How are scores calculated? And how can you keep a good SpamAssassin score? You’re about to find out!

Apache SpamAssassin is an open-source platform primarily used to assess and filter email spam. It can be directly integrated with a mail server to automatically filter out spammy emails, or run by users for individual mailboxes.

Next to being a spam filter, SpamAssassin is also used by email senders to assess the deliverability of email campaigns. In fact, you’ll find that it’s integrated into many popular email deliverability and verification tools, including MailerCheck!

SpamAssassin works by analyzing an email and giving it a spam score. The lower the score, the better the chances of the email getting delivered successfully. Anything below 5 is considered to be a decent score—above 5 and there is a good chance that the email will be filtered out somewhere before it reaches the inbox.

There are over 700 tests that SpamAssassin uses to detect spam, and a variety of techniques including Bayesian filtering, blocklists, DNS (Domain Name System), external programs and online databases. 

You don’t need to know about all of the SpamAssassin tests (phew), but it’s good to understand how a SpamAssassin score is calculated. Which is pretty simple!

A score is given for each attribute SpamAssassin checks. These show the likelihood that the email is indeed spam. Individual attribute scores are added to give you your overall SpamAssassin score.

  • 👍  Negative numbers are great, as this indicates the email is unlikely to be spam, and will keep your overall score down
  • 🙂  “0” is neutral, meaning that this factor has little impact
  • 👎  Positive numbers suggest possible spam

When mail server administrators or email providers are setting up SpamAssassin, they can pick their own SpamAssassin score threshold. The default score is 5, though the SpamAssassin team encourages people to set a score they feel comfortable with and lower it accordingly.

Since administrators and email providers can put whatever value they see fit, it’s good to not settle for a score of 5 and call it a day. Some email services or administrators might set their threshold to 3, which means your email will be rejected and will not arrive in their inbox.

For this reason, it’s important to aim for the lowest score possible. Aim for a score below 4, with your best bets lying between 0-2. Anything above 2 and you should be looking to fix whatever issues are causing tests to fail.

So now you know that a score between 0-2 is optimal, but what if your email score is negative?

At first, seeing a negative value as a SpamAssassin test result might be perplexing. But in fact, negative SpamAssassin scores are just what you should strive to achieve, if possible, because remember—the lower the score the better!

A table of SpamAssassin rules that can gain a negative score

Though it’s not impossible to get a negative test score, it can be challenging. There are only two tests SpamAssassin runs by default that can provide negative scores:

  • DKIM_VALID 
  • DKIM_VALID_AU

DKIM stands for DomainKeys Identified Mail, and DKIM configuration is required by most ESPs when you create your account. These two tests add up to -0.2 in total—so make sure you have DKIM configured before you start sending!

There are other tests that can achieve negative scores, but the caveat here is that it is essentially impossible to get them from a sender’s perspective. 

The reason for this is that nearly all of these tests (shown in the table above the red line) will not be run unless the administrator of the recipient server chooses to add the sender’s address to their SpamAssassin’s allowlist.

Here’s a practical example:

You host a mail server and use SpamAssassin as part of your spam filtering solution. You want to allow all emails from [email protected] to be delivered with no limitations whatsoever, no matter how spammy they may be.

One easy way to do this is to add the sender’s email address to one of the allowlists that would trigger one of SpamAssassin’s “WHITELIST” tests (see table). This test then assigns a very impactful -100 score to the test result.

Achieving a score as low as -100 makes it virtually impossible for an email message to fail the check of this particular SpamAssassin instance, therefore gaining “safe passage” to where the message was originally addressed.

SpamAssassin “reads” emails and runs tests to look for any attributes and patterns associated with spam. Every time it “reads” an email message, hundreds of tests are performed. They look for things like:

  • Spammy email content 
  • Presence on blocklists 
  • DKIM and SPF record configuration
  • Suspicious links and attachments
  • Spam related terms
  • Disallowed scripts

The test also aims to verify the source of the message, and that the message hasn’t been altered in transit, by taking a look at the DKIM. 

It also takes into account the historical engagement of recipients who received emails sent by you. If there is a history of recipients not opening your emails but you keep sending to them anyway, this will have a negative effect on your SpamAssassin score (so it’s important to regularly clean your email list!). 

All these individual tests can be categorized into five main “areas”: Header, body, rawbody, full and URI.

The two most common areas, and therefore the ones affecting the overall SpamAssassin score most, are the header and body of emails. 

  • The email header contains system information, usually hidden from view by default but still accessible if needed (e.g., for reporting abuse and tracking the sender, or other diagnostics)
  • The message body is the content that recipients see when they open the email
pie chart showing how many tests check each area of the email

Once the test is completed, SpamAssassin assigns a score for each attribute based on their occurrence, and calculates the overall score as described above. In the next section, we’ll have a look at an example of SpamAssassin test results.

Test complete: Your SpamAssassin results

Whenever a test is completed, SpamAssassin adds its results in the email header so the email server can read the results and decide to filter it out or let it go through.

If you’ve ever seen a SpamAssassin header, you might have confused it for a complex mathematical equation. Though there’s a lot happening, the most important part people will look for is the X-Spam-Level and X-Spam-Status.

  • X-Spam-Level: This displays your spam level with asterisks, with one asterisk displayed per point, rounded down. For example, if your overall SpamAssassin score is 4.3, it will display ****. If you score less than 1, for example, 0.5, it will display nothing.
  • X-Spam-Status: This value tells you whether your email is spam, displayed YES if it is, and NO if it isn’t. This is followed by your SpamAssassin score in numerals, for example, 4.3. It will also display the default score required, as well as the tests that were run.

If you use an email verification tool like MailerCheck, you don’t need to worry about figuring out this header information. 

MailerCheck’s Email Insights feature runs SpamAssassin’s tests against your email, pulls the results and displays them in an easy-to-read table. What you’ll see is a list of the factors that contributed to your score, the score given and a description of why it was given. Much more convenient!

  • Want to give it a try yourself?

    Run your own email insights with MailerCheck

Below you see an example of what this might look like. This particular test email passed with a score of 1.4—a number SpamAssassin likes! Since the value is in the range of 0-2, the sender can go ahead and send the email as it is, with no improvement needed.

If the overall grade were to be higher, MailerCheck will show you. Email senders can then check the detailed table below, look for the red numbers, and optimize where needed.

MailerCheck SpamAssassin results

That was a lot to digest, wasn’t it? If you’re reading this: You’re awesome! We’ve now arrived at the part where you can take actionable steps to keep your SpamAssassin score low.

But first, some great news: The likelihood of SpamAssassin marking a legitimate email as a SPAM email is very low. SpamAssassin has been one of the leading anti-spam frameworks for over 20 years, and is trusted by ESPs and ISPs alike. 

If you’re a genuine sender sending real emails you shouldn’t have much to worry about. 

That being said, there are a few things you should be doing to ensure your score stays low and you follow email marketing best practices. 

1. Authenticate your email

Email authentication is one of the most basic (and probably the first) things you can do to make your emails more trustworthy. It prevents spammers from acting as a reputable source in order to carry out a cyber attack or other criminal activity, and requires senders to verify their domain.

When using an ESP, they’ll ask for you to configure your SPF and DKIM records during setup. Not doing so will have a direct impact on your SpamAssassin score. 

Another important detail here is that you should avoid using freemail domains to send out your campaigns (Gmail, Yahoo, etc.). This is common spammer behavior and is frowned upon, plus you will be able to only partially authenticate your emails.

2. Warm-up your sender reputation

Spam filters care about reputation, sender reputation that is. And if you’ve made a bad one for yourself, there’s no getting into that inbox. SpamAssassin uses recipient engagement as part of its testing so it’s important to build your sender history and reputation for your IP address. 

To do this, ensure that you send out high-quality content to people who actually want to see it and will engage with it. In other words, make sure your subscribers have opted in to receive emails from you and you are regularly cleaning your email list. 

If you send out emails to people who aren’t interested or don’t exist, they’ll be ignored, marked as spam or bounce, which will harm your sender reputation. 

3. Use a reputable ESP

A good ESP will ensure that you’re following best practices in order to use their services, and they’ll help you to set up certain configurations such as DKIM and SPF. What’s more, with shared IPs, sender reputation has already been established, as it is built on the collective activity of all senders using the IP. 

It will also help you to create professional emails that are structured properly so as not to appear as spam.

4. Build up momentum and be consistent

Most spammers create new accounts and then send out bulk emails to as many email addresses as possible. So this kind of activity can be flagged as suspicious, even if the sender has good intentions. 

Start out slow, build up your activity, and be consistent to reassure spam filters that you’re legit. 

5. Don’t send image-only emails

While that graphic design might look great, it’s not going to make your email accessible. There are a variety of reasons that images might not be displayed in an email message, the most simple of all being that the recipient has images disabled. Low text:image ratios can add to your score, so try to stick to 60% or more text if this is an issue. 

Create emails that are a mix of text and images that complement each other, and remember to use alt text—yes, it’s for emails too—for an even better experience. 

SpamAssassin cannot yet analyze image contents, so the check that runs on images is in fact heavily influenced by this text description.

6. Stay away from spam words

It’s not just the obvious words that you need to avoid. There’s a whole list of words that are not recommended for use in emails as they come off as spammy. These include the more innocent examples of “buy”, “online degree” and “freedom”! 

You can use MailerCheck’s Email Insights feature to find all the words in your email that might be flagged as indicative of spam. 

7. Run your emails through MailerCheck

Use the SpamAssassin score checker included in MailerCheck’s Email Insights feature to find out how likely your email is to be marked as spam and how you can improve your score. 

MailerCheck uses multiple spam filters and tactics to evaluate emails, with SpamAssassin results forming up 20% of the overall score. 

As well as fixing up your emails, you can also verify your subscribers to make sure that your email lists are healthy and won’t have a negative effect on your sender reputation and SpamAssassin score. 

Mission accomplished

SpamAssassin scoring can be quite a lot to wrap your head around. But bayesian filtering aside, once you understand the scoring system and what it measures, it’s much easier to understand your results and how you can avoid landing yourself with an undesirable SpamAssassin score. 

Have a question about SpamAssassin? Fire away in the comments!

Ivo
I'm Ivo, Deliverability Manager at The Remote Company. I seek to enhance email deliverability for senders and keep our portfolio of ESP products SPAM and abuse free. I am also passionate about cutting edge technological advances, the digital financing (r)evolution and space exploration, colonization and commercialization.