- Modern spam filters evaluate hundreds of signals simultaneously, not just content keywords. The decision to deliver to inbox or spam happens in milliseconds during the SMTP connection.
- Filtering happens in stages: connection-level checks (IP reputation, rDNS), authentication checks (SPF, DKIM, DMARC), reputation evaluation (domain and IP scoring), content analysis (ML-powered), and post-delivery engagement tracking.
- Recipient engagement (opens, clicks, replies, complaints, deletes-without-reading) is now the dominant signal for inbox placement at Gmail and an increasingly important factor at all major providers.
- Each mailbox provider uses a different weighting system. Gmail prioritizes engagement; Outlook leans on SmartScreen and external reputation data; Yahoo blends authentication alignment with complaint monitoring.
- Understanding these signals gives senders a framework for diagnosing deliverability problems: work through each filtering stage systematically to identify where your email is being downgraded.
Every email you send passes through a gauntlet of automated checks before it reaches (or fails to reach) the recipient's inbox. Modern spam filters are not the simple keyword scanners of a decade ago. They are AI-powered systems that evaluate authentication, sender reputation, recipient behavior, content patterns, and sending infrastructure in real time, making a placement decision in milliseconds.
Understanding how these filters work is not just academic; it is the foundation for diagnosing and fixing every deliverability problem you will ever encounter. This guide breaks down the filtering process stage by stage, explaining exactly what signals mailbox providers evaluate and how each one affects where your email lands.
The Five Stages of Email Filtering
When your email server connects to a mailbox provider's server to deliver a message, the filtering process begins immediately and continues even after the email is delivered. Think of it as a series of gates, each progressively more nuanced.
| Stage | What Happens | When It Happens | Result of Failure |
|---|---|---|---|
| 1. Connection | IP reputation check, rDNS verification, rate limiting | Before the email content is transmitted | Connection refused or deferred (4xx/5xx SMTP error) |
| 2. Authentication | SPF, DKIM, DMARC evaluation | During SMTP transaction | Rejection, spam placement, or continued with reduced trust |
| 3. Reputation | Domain reputation, sender history, blocklist checks | During SMTP transaction and processing | Spam folder placement or throttling |
| 4. Content | ML-powered content analysis, URL scanning, attachment checking | During message processing | Spam folder placement |
| 5. Engagement | Recipient behavior tracking, per-user filtering | After delivery and ongoing | Future messages from sender get filtered |
Stage 1: Connection-Level Checks
Before your email content is even transmitted, the receiving server evaluates the connecting IP address and server identity.
IP Reputation
Mailbox providers maintain reputation databases for sending IP addresses based on historical behavior. An IP with a history of sending spam, high bounce rates, or generating complaints will be flagged before the message is even accepted. This is why IP reputation matters even though domain reputation is increasingly dominant.
Reverse DNS (PTR Record)
The receiving server checks whether the connecting IP has a valid PTR record (reverse DNS) and whether the hostname resolves back to the same IP. Missing or mismatched rDNS is a common indicator of poorly configured infrastructure, which spam filters associate with illegitimate senders.
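The forward-confirmed reverse DNS check described above, as an added example that is not part of the original page. The hostnames, addresses and the `demo_*` lookup tables are constructed so it runs offline; the `system_*` functions use the local resolver.

```python
import ipaddress
import socket

def system_ptr(ip):
    """PTR names for ip via the system resolver (empty list if none)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name, *aliases]
    except OSError:
        return []

def system_forward(host):
    """All A/AAAA addresses for host via the system resolver."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(host, None)]
    except OSError:
        return []

def fcrdns(ip, ptr=system_ptr, forward=system_forward):
    """PTR must exist AND one PTR name must resolve back to the same IP."""
    target = ipaddress.ip_address(ip)
    names = ptr(ip)
    if not names:
        return "no_ptr", None
    for name in names:
        # Compare parsed addresses so IPv6 spelling differences do not matter.
        resolved = {ipaddress.ip_address(a.split("%")[0]) for a in forward(name)}
        if target in resolved:
            return "confirmed", name.rstrip(".").lower()
    return "mismatch", names[0].rstrip(".").lower()

# Constructed DNS data (documentation address ranges, hypothetical hostnames).
DEMO_PTR = {
    "192.0.2.10": ["mta1.sender.example"],
    "192.0.2.20": ["host.other.example"],   # PTR exists, forward points elsewhere
}
DEMO_FWD = {
    "mta1.sender.example": ["192.0.2.10"],
    "host.other.example": ["198.51.100.7"],
}

def demo_ptr(ip):
    return DEMO_PTR.get(ip, [])

def demo_forward(host):
    return DEMO_FWD.get(host, [])

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30"):
        print(ip, fcrdns(ip, demo_ptr, demo_forward))
```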
Rate Limiting and Throttling
Mailbox providers impose rate limits on incoming connections, especially from new or untrusted senders. If your server attempts to deliver too many messages too quickly, the provider will return temporary 421 deferral responses, asking you to slow down and try again later. This is the throttling mechanism that makes IP and domain warmup necessary.
Stage 2: Authentication Checks
Once the connection is accepted, the receiving server evaluates the email's authentication credentials. Since 2024, all three major providers (Gmail, Yahoo, Microsoft) require proper authentication for bulk senders.
SPF Evaluation
SPF checks whether the sending IP is authorized to send email for the domain in the Return-Path (envelope sender). The receiver queries your domain's SPF DNS record and compares the connecting IP against the authorized list. Possible results include pass, fail, softfail, neutral, and permerror.
DKIM Verification
DKIM verifies the cryptographic signature in the email header against the public key published in your DNS. If the signature is valid, it proves the email was sent by someone with access to the private key and that the message was not altered in transit.
DMARC Alignment
DMARC checks whether either SPF or DKIM passes AND aligns with the domain in the From header. Alignment means the domain that passed SPF or DKIM matches (or is a subdomain of) the From domain. DMARC also tells the receiver what to do with messages that fail: nothing (p=none), quarantine them, or reject them.
Tip: A message can pass SPF but fail DMARC alignment. This happens when the Return-Path domain (checked by SPF) does not match the From domain. DMARC requires alignment, not just a pass. This distinction trips up many senders using third-party services that send with their own Return-Path domain.
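The SPF-pass-but-DMARC-fail case from the tip above, as an added example that is not part of the original page. The message and all domains are constructed, and `org_domain` is a last-two-labels shortcut assumed here for brevity; real evaluators use the Public Suffix List.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed message: a third-party service bounces and signs with its own domain.
RAW = (
    "Return-Path: <bounce-1@mail.esp-example.net>\n"
    "Authentication-Results: mx.receiver.example;\n"
    " spf=pass smtp.mailfrom=bounce-1@mail.esp-example.net;\n"
    " dkim=pass header.d=esp-example.net\n"
    "From: Shop News <news@shop.example.com>\n"
    "Subject: Weekly offers\n\nHello\n"
)

def org_domain(domain):
    # Assumption: the organizational domain is the last two labels. Real
    # DMARC evaluators consult the Public Suffix List (e.g. for co.uk).
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain, strict=False):
    """Strict alignment needs an exact match; relaxed compares org domains."""
    a, f = auth_domain.lower(), from_domain.lower()
    return a == f if strict else org_domain(a) == org_domain(f)

def dmarc_verdict(raw, strict=False):
    """Evaluate DMARC from the Authentication-Results header of one message.
    Only trust this header when your own receiving server added it."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg["From"])[1].rpartition("@")[2]
    results = " ".join(msg.get_all("Authentication-Results", []))
    spf = re.search(r"\bspf=(\w+)[^;]*?smtp\.mailfrom=([^\s;]+)", results)
    dkims = re.findall(r"\bdkim=(\w+)[^;]*?header\.d=([^\s;]+)", results)
    spf_pass = bool(spf) and spf.group(1) == "pass"
    # SPF authenticates the envelope sender domain, not the From header.
    spf_aligned = spf_pass and aligned(
        spf.group(2).rpartition("@")[2], from_domain, strict)
    dkim_aligned = any(res == "pass" and aligned(d, from_domain, strict)
                       for res, d in dkims)
    return {"from": from_domain, "spf_pass": spf_pass,
            "spf_aligned": spf_aligned, "dkim_aligned": dkim_aligned,
            "dmarc_pass": spf_aligned or dkim_aligned}

if __name__ == "__main__":
    print(dmarc_verdict(RAW))  # SPF passes, nothing aligns, DMARC fails
    fixed = RAW.replace("header.d=esp-example.net", "header.d=example.com")
    print(dmarc_verdict(fixed))  # DKIM signed with the From org domain
```

The second call shows the usual fix for third-party senders: have the service sign with a DKIM key published under your own domain.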
Stage 3: Reputation Scoring
Even with perfect authentication, your email still needs to pass reputation checks. Mailbox providers maintain complex, rolling reputation scores for both domains and IP addresses.
Domain Reputation
Domain reputation is now the primary reputation signal at Gmail and is growing in importance at all major providers. It follows your brand regardless of which ESP or IP you use. Domain reputation is built from complaint rates, bounce rates, spam trap hits, engagement patterns, and blocklist history over a rolling window (typically 30 days).
IP Reputation
IP reputation is still evaluated, particularly at Microsoft and Yahoo. For senders using dedicated IPs, this reputation is entirely their own. For senders on shared IPs, the reputation is collective, which means another sender's bad behavior can affect your deliverability.
Blocklist Checks
Receiving servers query major DNS-based blocklists (DNSBLs) such as Spamhaus, Barracuda, and SpamCop to check whether the sending IP or domain is listed. A listing on a major blocklist like Spamhaus can result in immediate rejection at many providers.
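How a DNSBL lookup is formed and read, as an added example that is not part of the original page. The zone `dnsbl.example` and its answers are constructed so the block runs offline; the status labels returned by `classify` are names chosen for this example.

```python
import ipaddress
import socket

def dnsbl_qname(ip, zone):
    """Query name per RFC 5782: reversed octets (IPv4) or nibbles (IPv6)."""
    reverse = ipaddress.ip_address(ip).reverse_pointer
    return reverse.rsplit(".", 2)[0] + "." + zone  # drop in-addr.arpa/ip6.arpa

def system_a_lookup(qname):
    """A records via the system resolver; NXDOMAIN becomes an empty list."""
    try:
        return socket.gethostbyname_ex(qname)[2]
    except OSError:
        return []

def classify(answers):
    """Interpret the A records a DNSBL returned for one query."""
    if not answers:
        return "not_listed"        # NXDOMAIN: the address is not on the list
    addrs = [ipaddress.ip_address(a) for a in answers]
    if any(a in ipaddress.ip_network("127.255.255.0/24") for a in addrs):
        return "query_error"       # Spamhaus uses this range for error replies
    if all(a in ipaddress.ip_network("127.0.0.0/8") for a in addrs):
        return "listed"
    return "resolver_rewrite"      # non-127/8 answer: resolver rewrites NXDOMAIN

def check(ip, zone, lookup=system_a_lookup):
    qname = dnsbl_qname(ip, zone)
    answers = lookup(qname)
    return {"qname": qname, "answers": answers, "status": classify(answers)}

# Constructed answers for the hypothetical zone "dnsbl.example".
DEMO_ZONE = {
    "2.0.0.127.dnsbl.example": ["127.0.0.2"],          # RFC 5782 test entry
    "9.113.0.203.dnsbl.example": ["127.255.255.254"],  # error reply
    "7.100.51.198.dnsbl.example": ["203.0.113.50"],    # rewritten NXDOMAIN
}

def demo_lookup(qname):
    return DEMO_ZONE.get(qname, [])

if __name__ == "__main__":
    for ip in ("127.0.0.2", "192.0.2.10", "203.0.113.9", "198.51.100.7"):
        print(check(ip, "dnsbl.example", demo_lookup))
```

Treating every answer as a listing is a common monitoring mistake: an error reply or a rewritten NXDOMAIN says something about your resolver, not about your IP.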
Stage 4: Content Analysis
Modern content filtering goes far beyond keyword matching. Mailbox providers use machine learning models trained on billions of messages to evaluate the overall quality and legitimacy of your email.
What ML Models Evaluate
- Structural patterns: HTML code quality, text-to-image ratio, number and type of links, use of CSS hiding or deceptive formatting
- URL reputation: The domains linked in your email are checked against phishing databases and reputation systems. Links to newly registered domains, known malicious sites, or URL shorteners raise flags.
- Content similarity: Your email is compared against known spam templates and patterns. If it structurally resembles spam that has been previously reported, it gets scored accordingly.
- Header consistency: Mismatches between the From name, From address, Reply-To address, and Return-Path can indicate phishing or spoofing attempts.
- Attachment analysis: Attachments are scanned for malware signatures, macro-enabled documents, and suspicious file types.
What Content Filters Do NOT Do (Anymore)
A persistent myth is that using specific words like "free" or "discount" in subject lines triggers spam filters. While these terms were historically problematic, modern ML-based filters evaluate context, not individual keywords. A legitimate retailer sending a promotional email about a "free shipping" offer from a well-authenticated domain with strong reputation will not be filtered simply because of the word "free." Content is one factor among many, and for reputable senders with strong engagement, content is rarely the deciding factor.
If you suspect content is causing spam placement, change your content while keeping everything else constant (same authentication, same list, same sending infrastructure) and test again. If the problem persists with completely different content, the issue is almost certainly reputation or engagement, not content.
Stage 5: Engagement-Based Filtering
This is the stage that has changed most dramatically in recent years and now has the greatest influence on inbox placement, especially at Gmail. Engagement-based filtering evaluates how recipients actually interact with your emails and uses that data to make per-user and aggregate filtering decisions.
Positive Engagement Signals
- Opens and reads: Opening an email and spending time reading it signals interest. Gmail tracks "time in view" alongside simple open events.
- Clicks: Clicking links in your email is a strong positive signal indicating the content is relevant and wanted.
- Replies: Replying to an email is the strongest positive engagement signal. It proves the recipient actively values the communication.
- "Not spam" actions: When a recipient moves your email from spam to inbox or clicks "Not spam," it sends a powerful positive signal for that specific sender-recipient pair.
- Adding to contacts: When a recipient adds your sending address to their address book, it acts as an explicit whitelisting signal.
- Stars/flags/labels: Organizing or starring your messages indicates they are important to the recipient.
Negative Engagement Signals
- Spam complaints: Clicking "Report Spam" or "Mark as Junk" is the most damaging negative signal. Gmail requires senders to maintain a complaint rate below 0.1%.
- Delete without reading: Consistently deleting emails from a sender without opening them tells the mailbox provider the content is unwanted.
- Ignore patterns: When recipients repeatedly ignore emails (neither open, click, nor delete), it signals low relevance over time.
- Unsubscribes: While less negative than complaints (it is a legitimate action), high unsubscribe rates contribute to a pattern of disinterest.
How Engagement Becomes Filtering Decisions
Mailbox providers aggregate engagement data at two levels:
- Per-user level: Your email might go to inbox for recipients who regularly engage with your messages but to spam for recipients who never open them. This is why the same campaign can have different inbox placement rates across your list.
- Aggregate level: If a large percentage of all your recipients show negative engagement patterns, your overall sender reputation declines, affecting delivery to everyone, even engaged subscribers.
Gmail's filtering is so engagement-dependent that a sender with mediocre authentication but excellent engagement can outperform a sender with perfect authentication but poor engagement. This is why list hygiene, segmentation, and sending relevant content to engaged audiences are arguably more important than any single technical configuration.
How Each Major Provider Differs
Gmail
Gmail uses TensorFlow-based machine learning models that process hundreds of signals simultaneously. Engagement is the dominant factor. Gmail also uses crowd-sourced filtering; when enough users mark emails from a sender as spam, Gmail will preemptively filter that sender for other users. Gmail's Promotions tab adds another layer, separating commercial email from personal correspondence regardless of spam/not-spam classification.
Microsoft Outlook
Microsoft uses SmartScreen filtering technology that relies heavily on external reputation data (including Spamhaus and other DNSBLs), IP reputation, and header analysis. Microsoft's filtering is generally more conservative with new senders and more sensitive to IP-level signals than Gmail. Microsoft also uses its Junk Email Reporting Program (JMRP) for complaint feedback.
Yahoo/AOL
Yahoo blends reputation scoring with authentication alignment and complaint monitoring. Yahoo is notably less forgiving about SPF and DKIM alignment issues and responds quickly to complaint rate increases. Yahoo provides a Complaint Feedback Loop that sends complaint reports back to senders.
Using This Knowledge for Deliverability
Understanding how spam filters work gives you a systematic framework for diagnosing and fixing deliverability problems. Work through the filtering stages in order:
- Connection issues? Check IP reputation, rDNS, and blocklist status.
- Authentication failures? Verify SPF, DKIM, DMARC pass and align. Use our header analyzer to inspect authentication results in actual delivered messages.
- Reputation problems? Review Google Postmaster Tools, check complaint rates, scan for blocklist listings.
- Content triggers? Test with different content while keeping all other variables constant. Fix HTML quality, link density, and URL reputation issues.
- Engagement decline? Segment by engagement level. Send to active subscribers first. Implement sunset policies for non-engaged contacts. Focus on content relevance and frequency optimization.
Most deliverability problems can be traced to a failure at one or two of these stages. By understanding what each stage evaluates, you can quickly narrow down the root cause and apply the right fix.
Frequently Asked Questions
Modern spam filters use machine learning to evaluate overall content patterns rather than flagging individual keywords. While extreme keyword stuffing (hundreds of repetitions of sales terms) can still trigger filters, typical marketing language used by legitimate senders in the context of well-authenticated, reputable sending is not a significant risk factor. Reputation and engagement carry far more weight than any single word in your content.
Gmail relies heavily on recipient engagement and domain reputation, using AI models trained on user behavior to predict whether a message is wanted. Outlook uses SmartScreen filtering that emphasizes external reputation signals (like Spamhaus blocklists), IP reputation, and header analysis. A sender can have strong inbox placement at Gmail due to good engagement but poor placement at Outlook due to IP reputation issues, or vice versa.
For most senders in 2026, recipient engagement is the most influential factor for inbox placement, particularly at Gmail. However, engagement only matters once you pass the prerequisite gates: proper authentication (SPF, DKIM, DMARC), clean IP and domain reputation, and no blocklist listings. Think of it as a hierarchy: authentication is the foundation, reputation is the structure, and engagement is the roof.
A single email is unlikely to permanently damage your reputation, but a single campaign that generates a high complaint rate (above 0.3%) or triggers a blocklist listing can cause temporary filtering of subsequent messages. Mailbox providers use rolling reputation windows (typically 30 days), so the impact of a bad send diminishes over time as you resume clean sending practices. The key is to address the root cause quickly and maintain consistent, quality sending behavior afterward.