Content Filtering

Definition

Content filtering is the part of spam detection that analyses the actual content of a message, its subject line, body text, links, images, and HTML, to judge whether it looks like spam. It is one input into a larger spam filter that also weighs reputation and authentication. Content filtering scores patterns spammers tend to use, from phishing links to obfuscated HTML, and adds that risk to the overall verdict.

  • Analyses the message itself: subject, body, links, images, and HTML
  • One signal within a broader spam filter, not the whole decision
  • Flags phishing links, deceptive wording, and obfuscated HTML
  • A clean reputation does not excuse content a filter distrusts
At a glance
Analyses Subject · body · links · images · HTML
Part of The wider spam filter
Common checks URL reputation · keywords · HTML structure
Risk factor Low text-to-image ratio
Method Rules plus learned classifiers
Pairs with Reputation & authentication signals

What content filtering examines

Where reputation filtering asks “who sent this?”, content filtering asks “what is in it?” It parses the message and scores the parts spammers most often abuse:

  • Links. URLs are checked against reputation and phishing blocklists; a link to a known-bad domain is one of the heaviest single penalties a message can carry.
  • Wording. Subject lines and body text are scored for deceptive or high-pressure phrasing and patterns statistically associated with spam, rather than any one banned word.
  • HTML and structure. Obfuscation tricks (hidden text, mismatched colours, broken or disguised markup) and a very low text-to-image ratio all raise the score, because they mirror techniques used to slip past filters.
  • Attachments. File types and contents are inspected for malware and risky formats.

How it fits the bigger filter

Content filtering rarely decides a message’s fate on its own. It is one contributor to a combined score inside the spam filter, sitting alongside IP reputation, domain reputation, authentication results, and, at the big providers, recipient engagement. A scoring engine such as SpamAssassin assigns points to content rules (a low text-to-image ratio, a link on a phishing list) and totals them with everything else.

That interplay cuts both ways. Excellent content cannot rescue a message from a sender with a terrible reputation, and a trusted sender still gets penalised for genuinely abusive content. Modern providers increasingly use learned classifiers rather than fixed keyword lists, so content filtering reacts to overall structure and intent more than to individual words.

Writing mail that clears content filters

The goal is to avoid resembling the spam the filter is trained on:

  • Keep a healthy text-to-image ratio. An all-image email with almost no real text is a classic spam pattern; balance images with genuine copy.
  • Use clean, honest links. Link to domains with a good reputation, avoid link shorteners that hide the destination, and never point at anything on a phishing list.
  • Write a straight subject line. Skip the all-caps, the wall of exclamation marks, and the bait-and-switch between subject and body.
  • Send valid HTML. Broken markup, hidden text, and mismatched colours read as obfuscation. Keep the HTML clean and include a plain-text alternative.

None of this substitutes for the bigger levers. Content is the smaller part of the verdict, so pair good content with strong authentication and a clean reputation; the improving email deliverability guide covers how the pieces combine.

Content filtering vs reputation filtering

Content filtering Reputation filtering
Question it asks What is in the message? Who is sending it?
Looks at Subject, body, links, HTML IP and domain history, blocklists
Changes per message Yes No, it tracks the sender
Fixable by editing copy Often No
Weight in modern filters Secondary Primary

By the numbers

40%
A common guideline cap on how much of a message body should be images before a low text-to-image ratio is penalised.
5.0
The default SpamAssassin threshold that content rules contribute points toward alongside reputation and authentication.

Common mistakes

Sending an all-image email
A message that is one big image with almost no text is a textbook spam signal and often renders blank when images are blocked. Balance images with real copy and a plain-text alternative.
Hiding links behind shorteners
Link shorteners and disguised URLs conceal the real destination, which is exactly what phishing does, so content filters distrust them. Link to clear, reputable domains instead.
Treating content as the whole battle
Polishing copy while ignoring authentication and reputation rarely fixes a spam problem. Content is the smaller lever; the sender signals carry more weight.

Frequently asked questions

What is content filtering in email?
It is the part of spam detection that analyses the content of a message, its subject, body, links, images, and HTML, to judge whether it looks like spam. It scores patterns spammers favour, such as phishing links, deceptive wording, obfuscated HTML, and a very low text-to-image ratio, and feeds that risk into the broader spam filter alongside reputation and authentication.
What content triggers spam filters?
Links to domains on phishing or reputation blocklists, deceptive or high-pressure subject lines, obfuscation tricks like hidden text and mismatched colours, broken HTML, risky attachments, and a body that is almost all image with little text. Modern filters react more to overall structure and intent than to any single banned word.
Does good content guarantee the inbox?
No. Content filtering is only one input. A message with clean content still lands in spam if the sending IP or domain has a poor reputation, authentication fails, or recipients ignore and report your mail. Good content helps, but reputation, authentication, and engagement carry more of the decision.
Reviewed by Jennifer Jackson, Email Deliverability Analyst · June 2026 ← Back to glossary