What Is My SpamAssassin Score and What Does it Mean?


The saga of the war against spam is neverending. On the frontlines of this fight is what you could call an elite special ops unit. We’re talking about SpamAssassin, one of the most popular and effective anti-spam platforms.

As marketers try to maintain and improve email deliverability rates, keeping your SpamAssassin score as low as possible is imperative. You need to avoid getting caught in the crosshairs while SpamAssassin works to keep the bad guys out of email inboxes.

SpamAssassin, as the name implies, targets email senders who have no regard for privacy or anti-spam laws and regulations. If you’re not careful, you can end up being mistaken for the enemy. This article will show you how to pass a SpamAssassin test on your emails. The good news is, it’s not that hard for legitimate senders.

What is SpamAssassin?

SpamAssassin, from the Apache Software Foundation, is open-source email filtering software that applies advanced testing and analytical tools to the headers and body text of messages to determine the likelihood of them being spam.

Any system admin or mailbox provider using SpamAssassin for filtering will block emails that fail, or filter them into a spam folder. It’s estimated that more than half of email traffic is spam, but most of it never reaches inboxes. That’s thanks to filters like SpamAssassin.

SpamAssassin uses several different filtering techniques to catch spam, including DNS blocklists, text analysis, Bayesian filtering, and collaborative filtering databases. A scoring system and plug-ins analyze your email header and the email body copy. The filter then produces a different header that outlines your SpamAssassin score and how your email performed against its various checks.

Because SpamAssassin is capable of running a wide variety of tests, it is tough for spammers to fool, and non-spam messages are unlikely to be incorrectly filtered or blocked.

Still, email filtering is not an exact science, and SpamAssassin is not a perfect solution. There may be instances when legitimate emails get incorrectly identified as junk mail. To keep that from happening, senders need to keep an eye on SpamAssassin scores. But how do you find your SpamAssassin score and how does it work?

The SpamAssassin score explained

A SpamAssassin score ranks the likelihood of an email being spam. The higher the score, the higher the likelihood an email is junk. 

The process is pretty simple. For each email attribute SpamAssassin checks, there is a numerical score. Positive numbers indicate possible spam. Negative ones mean it’s unlikely to be spam. All the scores get added up. If the total surpasses a threshold set in the software, the email is marked as spam.

The default threshold for a SpamAssassin score is “5” with a “10” being the highest. But mailbox providers and system admins can adjust that to be higher or lower. When Email on Acid runs a SpamAssassin test during deliverability checks, we use the default score of “5” to provide a pass/fail result on that particular email.

Your goal as an email marketer is to keep your scores well under five. Check out the graphic below for an example of a SpamAssassin test result in the Email on Acid platform.

An example of SpamAssassin results in Email on Acid

How does SpamAssassin work?

As explained on the cPanel.net blog, SpamAssassin looks at emails in a similar fashion to human recipients.

“We all receive spam and can recognize what it is right away. We know what it looks like, and, usually, alarm bells start ringing in our minds even if we can’t say precisely why.

SpamAssassin works in the same way but on a much bigger scale. It looks for patterns that are common in unwanted email and, if a message matches lots of patterns, tells us that it’s probably not something you want to see.”

Of course, the inner workings of a spam filter are a bit more technical than that. Take one look at a SpamAssassin header and you’ll see what we mean.

The SpamAssassin header

Email on Acid uses the information in the SpamAssassin header to calculate a score for your email during deliverability testing. Here is an example of a SpamAssassin header:

 X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on JetWeb
 X-Spam-Level:
 X-Spam-Status: No, score=-0.4 required=5.0 tests=ALL_TRUSTED,AWL,DKIM_SIGNED,
 DKIM_VERIFIED,HTML_MESSAGE,URIBL_BLACK autolearn=disabled
 version=3.2.5
 X-Spam-Report:
 * -1.4 ALL_TRUSTED Passed through trusted hosts only via SMTP
 * -0.0 DKIM_VERIFIED Domain Keys Identified Mail: signature passes
 * verification
 * 0.0 DKIM_SIGNED Domain Keys Identified Mail: message has a
 signature
 * 0.0 HTML_MESSAGE BODY: HTML included in message
 * 2.0 URIBL_BLACK Contains an URL listed in the URIBL blacklist
 * [URIs: websitehere.com]
 * -0.9 AWL AWL: From: address is in the auto white-list

Let’s take a look at each header section and what it means.

X-Spam-Checker-Version

X-Spam-Checker-Version indicates which version of SpamAssassin was used to check your email. When we last updated this content, the most current release, according to Apache, was version 3.4.6, as of August 2021.

X-Spam-Level

X-Spam-Level indicates the overall SpamAssassin score given to the email you’re sending out. This is an approximate summary and is notated with stars (*). Unlike online ratings and movie reviews, getting fewer stars is a good thing. Each star represents one positive point. SpamAssassin rounds down for this, making a score of 3.4 equal to three stars in the header.

So, an X-Spam-Level of *** means the email scored positive three. It would look like this:

 X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on JetWeb
 X-Spam-Level: ***

Messages with a score of less than one will show no stars in the header, which is what we see in the full SpamAssassin header example above. 

X-Spam-Status

X-Spam-Status tells you if an email is considered spam or not, and this line gives the exact numerical score. It will say ‘no’ if it’s not spam (as above). 

This is followed by the score and the threshold your email must remain below to be considered legitimate. If SpamAssassin has been modified for a different threshold, you’ll see something other than the default “required=5.0.” 

 X-Spam-Status: No, score=-0.4 required=5.0

In our example, the email scored -0.4. The negative number indicates it’s highly unlikely that the message is spam.

X-Spam-Report

Next, the header will list all the SpamAssassin tests that were run. If your email performs poorly on any of them, you’ll see that information and will know which aspects to improve before sending out the email.

To the left of each test, you’ll see the score for each factor. Again, a negative score increases the email’s legitimacy, and a positive score decreases it. These all get added up to produce the overall score. 

 X-Spam-Report:
 * -1.4 ALL_TRUSTED Passed through trusted hosts only via SMTP
 * -0.0 DKIM_VERIFIED Domain Keys Identified Mail: signature passes
 * verification
 * 0.0 DKIM_SIGNED Domain Keys Identified Mail: message has a
 signature
 * 0.0 HTML_MESSAGE BODY: HTML included in message
 * 2.0 URIBL_BLACK Contains an URL listed in the URIBL blacklist
 * [URIs: websitehere.com]
 * -0.9 AWL AWL: From: address is in the auto white-list

The name of each test appears in ALL CAPS, along with a short description of what each test reviews. This particular SpamAssassin test looked at the DKIM (DomainKeys Identified Mail) protocol, as well as the body copy. It also looked for domains/URLs in the email that are on blocklists. 

That’s just a fraction of what SpamAssassin is capable of checking. System administrators can set up the filter to determine which factors make up the score.
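A parser for the header format walked through above, added here as an example (it is not code from Email on Acid or the SpamAssassin project). It unfolds the wrapped X-Spam-Status line, rejoins folded X-Spam-Report descriptions, and derives the X-Spam-Level stars; SAMPLE is a trimmed copy of the article's header, and the function names are this example's own.

```python
import email
import re

# Added example: trimmed copy of the article's sample; helper names are our own.
SAMPLE = """\
X-Spam-Status: No, score=-0.4 required=5.0 tests=ALL_TRUSTED,AWL,DKIM_SIGNED,
 DKIM_VERIFIED,HTML_MESSAGE,URIBL_BLACK autolearn=disabled version=3.2.5
X-Spam-Report:
 * -1.4 ALL_TRUSTED Passed through trusted hosts only via SMTP
 * -0.0 DKIM_VERIFIED Domain Keys Identified Mail: signature passes
 * verification
 * 0.0 DKIM_SIGNED Domain Keys Identified Mail: message has a
 signature
 * 0.0 HTML_MESSAGE BODY: HTML included in message
 * 2.0 URIBL_BLACK Contains an URL listed in the URIBL blacklist
 * [URIs: websitehere.com]
 * -0.9 AWL AWL: From: address is in the auto white-list
"""

NUM = r"(-?\d+(?:\.\d+)?)"
STATUS = re.compile(rf"(Yes|No), score={NUM} required={NUM}")
RULE = re.compile(rf"^\s*\*\s+{NUM}\s+([A-Z0-9_]+)\s*(.*)$")

def level_stars(score):  # X-Spam-Level: one star per whole positive point
    return "*" * max(0, int(score))

def parse_report(value):
    rules = []  # each entry: [score, rule name, description]
    for line in value.splitlines():
        m = RULE.match(line)
        if m:
            rules.append([float(m.group(1)), m.group(2), m.group(3).strip()])
        elif rules and line.strip(" *\t"):  # folded description line
            rules[-1][2] += " " + line.strip(" *\t")
    return rules

def summarize(raw):
    msg = email.message_from_string(raw)
    flat = " ".join(msg["X-Spam-Status"].split())  # unfold the header
    verdict, score, required = STATUS.match(flat).groups()
    tests = re.search(r"tests=(.*?)(?=\s+\w+=|$)", flat).group(1)
    rules = parse_report(msg.get("X-Spam-Report", ""))
    return {
        "flagged": verdict == "Yes", "score": float(score),
        "required": float(required), "stars": level_stars(float(score)),
        "tests": {t.strip() for t in tests.split(",")},
        "report_sum": round(sum(r[0] for r in rules), 1),
        "raising": [r[1] for r in rules if r[0] > 0],
    }
```

On the sample, the values listed in the report add up to -0.3 while the status line says -0.4, so compare the two with a small tolerance rather than for equality. The `raising` list (here only URIBL_BLACK) names the rules that pushed the score up.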

15 tips to avoid the SpamAssassin

If you’re a legitimate sender, you’re probably already following most of these tips. As the SpamAssassin experts explain: 

“Don’t worry too much about specific rules within SpamAssassin. The rules catch spam. If your email isn’t spam, you shouldn’t be matching the rules. Even if you do hit an occasional rule, unless your email is actually spam, it shouldn’t score high enough to be a problem.”

However, if your SpamAssassin score is higher than you’d prefer, look through this list (or a more detailed one here) and see what you can improve.

1. Verifiable domain

Your domain should have a verifiable IP address. Look at your "reply-to" and "from" domains, and be sure they’re correct, accurate, and easy for anyone to look up and confirm.

2. Intelligent message ID

The message ID should reflect your system, and the mailing agent should identify itself in the headers. It should also have the correct date and time, including the right time zone.

3. Don’t hide anything

Legitimate senders have no reason to hide information that’s common to emails. Your "from" and "to" names should be accurate. If the email is to a list, the header should say so. The source and destination should be present, too. 

4. Use HTML the right way

For text-only emails, this doesn’t apply. But if you’re using HTML, use high-quality composition tools. Generating emails in something like MS Word leaves telltale signs that are common to spam. You can run yours through an HTML validator to be sure it’s clean. 

Avoid things like unbalanced tags, invalid tags, and default titles. Don’t include any invisible text — everything should be readable.

Also, all HTML emails should include a text section that will show up for people who prefer to view emails in that format. And the text copy should be a fairly close match to the HTML copy.

5. Use the right tools

Email composition tools help you build emails that don’t look like spam. Common signs of spam include things like missing MIME sections, invalid or missing message IDs, and subjects or headers with unescaped Unicode. 

Using professional email tools helps prevent these sorts of things from putting your emails in the sights of SpamAssassin.

In contrast, if you come across a bulk email sending tool that includes a “stealth sending” option, that’s a big red flag that the tool is popular with spammers and should be avoided. If your domain becomes associated with a disreputable tool, it can land you in the SpamAssassin doghouse (not to mention the junk folder). 

6. Set up email authentication

Email authentication protocols help receiving mail servers distinguish legitimate senders from spammers posing as a reputable brand (aka email spoofing). SpamAssassin is capable of checking for SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) as it scores an email.

Setting up email authentication protocols can only help lower your SpamAssassin score, and it is important to overall deliverability as well.

7. Don’t be weird

If you write emails in a normal-sounding tone and without bizarre grammar or structure, you’ll be doing another good service to your SpamAssassin score.

For example, strange characters, needless capitalizations, words with P.E.R.I.O.D.S. separating all the letters, and other unprofessional forms of writing make you look like spam. Steer clear. Just be normal.

8. Don’t force readers to change preferences 

Some spammers tell readers to open their email in a different tool so they can view it properly. This is more common for people who have images disabled and are seeing the text-only option. 

There should, ideally, be nothing in the HTML version that isn’t also in the text version. If there is, and if it’s that important, then provide a link to a page that contains the information in the graphics.

9. Avoid image-only emails

While we’re on the subject, it’s best to not send an email that’s entirely images. There should always be some text. Image-only campaigns are horrible for email accessibility.

You should add alt text for every important image. You may also want to add some copy explaining the graphic — always provide context! 

10. Don’t ever say this…

Don’t ever tell readers that “this email is not spam.” Only a spammer would say that. 

Likewise, don’t say that your email complies with laws such as GDPR, CASL, and CAN-SPAM. Again, if you’re in compliance, there’s no need to say this. Many of your subscribers have never heard of those laws anyway. 

11. But, be in compliance

Don’t say your email complies with all the big anti-spam laws — but make sure it does! If you fall out of compliance, you increase the chances of landing on blocklists, which is one thing SpamAssassin checks.

12. Be careful with links

Linking to other sites — such as an in-email advertisement or a link to another blog or resource — can be risky. If the domain you’re linking to is on a blocklist and has a poor sender reputation, you might be viewed as an ‘accomplice’. 

The bigger problem here is that some good, legitimate companies have poor sender reputations, and it’s hard for you to know. Reviewing your score and SpamAssassin header can help. But you may want to be wary of linking to other sites within your emails. 

13. Avoid common spam topics

This is a big part of SpamAssassin’s testing process. References to things like Rolexes, Viagra, debt, weight loss, and various prurient content are so common to spam that SpamAssassin uses these as a way to identify it.

Now, if your business is a legitimate one and you offer products or services in these ‘red flag’ industries, the recommendation is to keep each email to a single topic. Mentioning weight loss on its own might be okay. But no email should mention weight loss and Viagra at the same time. 

If you’re a real sender offering these types of products, follow all the other practices that legitimate senders use, and you should be fine.

14. Have a privacy policy

Your website should have a privacy policy that’s easy to find and includes contact information. Put a link to it within your emails. This is a strong indication of your legitimacy as a sender.

15. Test your emails before sending them

Lastly, run spam tests on all your emails before you hit send. The SpamAssassin test is a big one, but there are other popular options such as the Barracuda spam filter.

Email on Acid’s spam testing and deliverability process runs a test using 23 of the most important spam filters, with SpamAssassin being just one of the more well-known filters. In addition to spam tests, our customers can monitor blocklists and take action if their domain shows up on any of them. 
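A pre-send check for a few of the structural points from tips 2, 4, 5 and 9 (Message-ID, Date with time zone, a text alternative for HTML, alt text, image-only bodies), added here as an example that is not Email on Acid's or SpamAssassin's code. The checks are simple heuristics rather than SpamAssassin rules, and the sample messages, addresses and function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.message import EmailMessage
from email.utils import parsedate_to_datetime
from html.parser import HTMLParser

class BodyScan(HTMLParser):
    """Count visible text characters, images, and images without alt text."""
    def __init__(self):
        super().__init__()
        self.text_len = self.imgs = self.no_alt = 0
    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.imgs += 1
            self.no_alt += not (dict(attrs).get("alt") or "").strip()
    def handle_data(self, data):
        self.text_len += len(data.strip())

def lint(raw):
    msg, problems = message_from_string(raw), []
    if not re.fullmatch(r"<[^<>@\s]+@[^<>@\s]+>", (msg["Message-ID"] or "").strip()):
        problems.append("missing or malformed Message-ID")
    try:
        if parsedate_to_datetime(msg["Date"]).tzinfo is None:
            problems.append("Date has no time zone")
    except (TypeError, ValueError):
        problems.append("missing or unparseable Date")
    parts = {p.get_content_type(): p for p in msg.walk()}
    if "text/html" in parts:
        if "text/plain" not in parts:
            problems.append("HTML part without a text/plain alternative")
        scan = BodyScan()
        html = parts["text/html"].get_payload(decode=True)
        scan.feed(html.decode("utf-8", "replace"))
        if scan.no_alt:
            problems.append(f"{scan.no_alt} image(s) without alt text")
        if scan.imgs and not scan.text_len:
            problems.append("image-only HTML body")
    return problems

# Constructed samples: an image-only HTML message and a well-formed one.
BAD = 'Subject: Sale\nContent-Type: text/html\n\n<img src="https://example.com/a.png">'
def build_good():
    m = EmailMessage()
    m["Message-ID"] = "<20210802.1@mail.example.com>"
    m["Date"] = "Mon, 02 Aug 2021 09:30:00 -0400"
    m.set_content("Spring sale: 20% off everything this week.")
    m.add_alternative('<p>Spring sale</p><img src="a.png" alt="20% off">', subtype="html")
    return m.as_string()
```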

Take advantage of our free trial and find out how Email on Acid helps you improve and maintain email deliverability. 

This post was last updated in August of 2021. It was originally published in December 2012.
