Spam Filter

Definition

A spam filter is the software a mailbox provider or mail server uses to decide whether an incoming message reaches the inbox, lands in the spam folder, or is rejected outright. Modern filters do not read content alone: they score each message across reputation, authentication, content, and recipient engagement, then route it based on the total. The most influential signal today is who is sending, not just what they wrote.

  • Decides inbox, spam, or reject for every incoming message
  • Weighs reputation and authentication as heavily as content
  • Many filters are scoring engines: rules add and subtract points
  • Provider filters lean on engagement signals you never see directly
At a glance
What it does Classifies mail as inbox / spam / reject
Main signals Reputation · authentication · content · engagement
Classic engine Bayesian scoring (e.g. SpamAssassin)
Default verdict Score at or above a threshold = spam
Provider filters Add private engagement and ML signals
Authentication SPF · DKIM · DMARC results feed the score

How a spam filter decides

A spam filter is fundamentally a classifier. For every message it gathers a set of signals, weighs them, and produces a verdict: deliver to the inbox, divert to the spam folder, or refuse the message. What has changed over the years is which signals carry the weight. Early filters judged content almost exclusively; today filters judge the sender first, using IP reputation, domain reputation, and authentication results as primary inputs, with content as a secondary check.

The order is deliberate. A message from a sender with a strong reputation and clean SPF, DKIM, and DMARC results starts with the benefit of the doubt; the same words from an unauthenticated stranger on a poorly-rated IP do not. This is why two identical newsletters can land in different folders: the filter is reacting to the reputations behind them, not only their text.

The signals a filter weighs

A modern filter blends four broad categories of signal:

  • Reputation. The track record of the sending IP and domain, drawn from history and from blocklists and reputation services.
  • Authentication. Whether SPF, DKIM, and DMARC pass and align. Failures push a message toward the spam folder and, under a strict DMARC policy, toward rejection.
  • Content. The words, links, structure, and formatting of the message, analysed through content filtering. Phishing links, spammy phrasing, and obfuscated HTML all add risk.
  • Engagement. At the big mailbox providers, how recipients have treated your past mail (opens, replies, deletes-without-reading, and especially spam complaints) is a powerful, private signal you cannot inspect directly.

Scoring filters and the threshold

Many on-premise and gateway filters work as explicit scoring engines. The best-known is SpamAssassin, which runs a message through hundreds of rules covering content, headers, authentication, and URL reputation, then adds up the points. Rules that look spammy add points; rules that look legitimate (such as a valid DKIM signature) subtract them.

A simplified SpamAssassin-style score: rules add and subtract points against a threshold
  1.2  HTML_IMAGE_RATIO_02   Low text-to-image ratio in the message body
  2.5  URI_PHISH             A link matches a known phishing domain
  0.8  MISSING_HEADERS       Message lacks a standard header
 -1.0  DKIM_VALID            Message carries a valid DKIM signature
 ----
  3.5  TOTAL  (threshold 5.0: below 5.0 is delivered)

By default, SpamAssassin tags a message as spam once its score reaches 5.0, though administrators can lower the bar; many senders aim to stay well under 2.0 for safety. A Bayesian component learns from messages previously marked as spam or not, so the filter adapts to the mail a given system actually receives.

The major mailbox providers run far more sophisticated, partly machine-learned versions of the same idea, layering in the private engagement data above and continuously retraining. You cannot see their exact rules, which is why chasing a single “spam word” rarely helps: at scale, reputation and engagement dominate the verdict.

Staying on the right side of the filter

Because the filter judges the sender first, the durable way to reach the inbox is to be a sender it trusts. Authenticate fully with SPF, DKIM, and DMARC; keep your complaint rate low (Google asks bulk senders to stay under 0.3% in Postmaster Tools); practise list hygiene so you are not mailing dead addresses or spam traps; and send mail people want, so engagement stays positive.

Content still matters, but as the smaller lever. Avoid the patterns content filters penalise, write a clear subject line, and do not disguise links or stuff a message with images and little text. For the full picture, the improving email deliverability guide walks through the levers in order, and the sender reputation checker shows how the sender side of your setup looks.

How a spam filter routes a message

A message arrives at the receiving server
The filter checks reputation and authentication first
Strong sender: benefit of the doubt Weak or unauthenticated: penalised
It scores the content and weighs recipient engagement
The combined score is compared to a threshold
Below threshold: inbox Above: spam folder Severe: rejected
The message is routed to inbox, spam, or refused

What spam filters weigh, then and now

Older filters Modern filters
Primary signal Message content Sender reputation
Authentication Barely used Core input (SPF, DKIM, DMARC)
Engagement data None Heavy at major providers
Method Static rules, Bayesian scoring Rules plus machine learning
Beatable by wording alone? Sometimes Rarely

By the numbers

5.0
The default SpamAssassin score at which a message is tagged as spam; rules add and subtract points toward it.
0.3%
The spam-complaint rate Google asks bulk senders to stay under in Postmaster Tools.
4
Broad signal categories a modern filter blends: reputation, authentication, content, and engagement.

Common mistakes

Treating content as the only lever
Rewording a subject line does little when the real problem is a poorly-rated IP or a high complaint rate. Modern filters judge the sender first; fix reputation and authentication before fussing over words.
Sending without authentication
Unauthenticated mail starts at a disadvantage with every major filter and is rejected outright under a strict DMARC policy. Publish SPF, DKIM, and DMARC before worrying about anything else.
Chasing a list of “spam words”
No single trigger word sends you to spam at the big providers; their machine-learned filters weigh hundreds of signals. Engagement and reputation outweigh any phrase.
Ignoring engagement
If recipients delete your mail unread or mark it as spam, provider filters learn to divert you regardless of clean content. Send mail people actually want and keep complaint rates low.

Frequently asked questions

How do spam filters work?
A spam filter scores each incoming message across reputation (the sending IP and domain’s history), authentication (whether SPF, DKIM, and DMARC pass and align), content (words, links, and formatting), and, at the large providers, recipient engagement. It compares the result to a threshold and routes the message to the inbox, the spam folder, or rejection. Sender reputation now carries more weight than content alone.
What triggers a spam filter?
The biggest triggers are a poor or unestablished sender reputation, failing or missing authentication, high spam-complaint rates, hitting spam traps, and sending unwanted mail that recipients ignore or report. Content factors such as phishing links, deceptive subject lines, obfuscated HTML, and a very low text-to-image ratio add to the score on top of those sender-level problems.
What is a good SpamAssassin score?
SpamAssassin tags a message as spam at a default threshold of 5.0, so anything below that is delivered, but most senders aim for under 2.0 to stay safely clear across servers that lower the bar. Remember that SpamAssassin is only one filter; the major mailbox providers run their own machine-learned systems with different, hidden thresholds.
How do I stop my emails going to spam?
Authenticate fully with SPF, DKIM, and DMARC, build and protect your sender reputation, keep your complaint rate low and your list clean, and send mail recipients genuinely want so engagement stays positive. Content matters too, but it is the smaller lever; reputation and engagement decide most of the verdict at scale.
Reviewed by Jennifer Jackson, Email Deliverability Analyst · June 2026 ← Back to glossary