Email Spam Score Checker: A 21-Rule Pre-Send Checklist (2026)

MiN8T Editorial

Email Deliverability & Engineering

Published April 29, 2026

You can build a beautiful campaign, write copy that converts, and design a hero that makes people stop scrolling — and still go to spam. The reason isn't usually one thing; it's a stack of small content patterns that, taken together, look like the textbook profile of "promotional bulk mail." Spam filters score that pattern. The score is the sum of dozens of small content signals.

Most modern spam filters use machine-learning models trained on billions of examples — black boxes you can't audit. But there's a parallel rule-based scoring system that's been documented and stable for over twenty years: SpamAssassin. Its rules still power inbound filtering on a meaningful chunk of the internet (small business email, university systems, hosting-provider catchalls, and any Postfix install with default modules). They're also what every "test your email's spam score" tool, including ours, runs under the hood.

This guide walks through what a 21-rule SpamAssassin-style content score actually checks, the four categories of rules, the five rules that fire most often (and how to fix them), why a passing score doesn't guarantee inbox delivery, when to ignore a rule, and a free unlimited browser-based tool that runs them all.

1 Why Content-Side Spam Scoring Still Matters

Modern spam filters are mostly machine-learning models that look at sender reputation, recipient engagement, content patterns, and dozens of other signals you can't audit at design time. Against a black-box model, a SpamAssassin-style content score feels antiquated.

It isn't. Two reasons it still matters in 2026:

1. Content patterns are one of the few signals you fully control

Your sender reputation is shaped by what you've sent before. Recipient engagement is shaped by who's on your list. Authentication (SPF/DKIM/DMARC) is shaped by your DNS and outbound infrastructure. All three take days, weeks, or quarters to move. Content is the one variable you can fix at design time. If your body copy is full of spam-trigger words, no improvement to the rest of the stack will save you.

2. SpamAssassin rules are still in production at scale

SpamAssassin powers a meaningful chunk of inbound mail filtering on small business email, university systems, hosting-provider catchalls, and anywhere a sysadmin set up Postfix with default modules. It's also the rule engine behind mail-tester.com — the tool every email-marketing blog has recommended for the last decade. The rules are well-documented, the weights are stable, and a content score under the threshold (5.0) reliably correlates with inbox delivery on those systems.

What this article is and isn't

This is a guide to scoring the content side of an email — the body HTML, the structure, the link patterns. It's not a guide to fixing SPF, DKIM, or DMARC (that's a different topic in deliverability). It's not a prediction of whether Gmail will inbox your mail (Gmail uses a model with thousands of features and SpamAssassin is barely one of them). It's a hygiene check: does your body avoid the textbook patterns that scream "promotional bulk mail"?

If a SpamAssassin-style scoring tool flags your email at 7+, the issue is in your copy, your structure, or your link pattern. Fix it before worrying about deliverability infrastructure.

2 How a 21-Rule Score Becomes a 0–10 Number

SpamAssassin works by running each rule against your email. Each rule has a name, a description, and a weight (typically 0.5 to 4.0 points). When a rule fires, its weight gets added to a cumulative score. The standard "spam" threshold is 5.0 cumulative points: under 5 = pass, 5+ = flagged.

Most user-facing tools (mail-tester, our checker, others) flip the convention so users see a friendlier 0–10 where 10 = clean. The conversion is roughly:

userScore = max(0, 10 - cumulativeSpamPoints)

So a body that triggers 0 SpamAssassin points is a 10/10. A body that triggers 5 points is a 5/10 (right at the threshold). Anything below 5/10 in the user-facing score is into "flagged as spam by SpamAssassin's default thresholds" territory.

Per-rule transparency is the value

The aggregate score is informative but not actionable. The actionable output is the per-rule breakdown: which specific rules fired, with what weight, and what each rule is checking for. That's what lets you go from "the score is 4.5" to "I can fix this in five minutes by removing two trigger words and adding a physical address to the footer."

Tools that only show the aggregate score — without rule-by-rule output — aren't useful for fixing anything. They tell you the patient is sick without telling you which organ.

3 The Four Categories of Rules

The 21 body-content rules in our checker (and most SpamAssassin-style implementations) fall into four categories. Knowing the category helps you understand the underlying intent.

Content (6 rules)

Word- and phrase-level checks. Spam-trigger phrases ("act now", "limited time", "100% guaranteed"), urgency language, generic greetings ("Dear Customer"), forward-to-friends asks, money-back claims, "Make $$$ from home" patterns. These rules date back to the early-2000s spam wars and are the most-recognized class.

Modern legitimate marketing copy can absolutely trigger these. A genuine sale email saying "Last chance to save 30% — ends tonight!" will score on urgency words. The score is telling you the body reads like bulk promotional mail because it is bulk promotional mail. Fix it by softening the framing or accept the small score hit.

Format (4 rules)

Structural patterns of the text itself. Excessive caps (more than 30% of letters), multi-exclamation runs ("!!!"), runs of money symbols ("$$$"), heavy emoji density. These are easy to fix by toning down the emphasis.

Structure (5 rules)

HTML-level patterns. Image-only emails (no body text means filters can't read the message), white-on-white hidden text, tiny or zero-size fonts, missing unsubscribe link, missing physical address, oversized HTML (over 100KB). Several of these are also CAN-SPAM compliance issues — missing them isn't just a deliverability hit, it's a legal risk for US senders.

Links (6 rules)

Patterns in your hyperlinks. URL shorteners (bit.ly, tinyurl), IP-based URLs (linking to http://192.0.2.1/), link/text mismatch (the visible text says "google.com" but the href goes elsewhere — the classic phishing pattern), excessive total link count, heavy use of tracking redirectors that obscure the destination domain.

Link patterns are the highest-leverage category to fix because each rule is a binary present-or-absent. Replace shortened URLs with full ones, audit text-vs-href consistency, prune any links that are dead weight.

4 The Five Most-Triggered Rules (and How to Fix Them)

Across thousands of test runs, five rules fire most often. If you've never used a content scorer before, these are likely the ones flagging your email.

1. SPAM_TRIGGER_PHRASE (typical weight: 1.5–3.0)

You used a phrase from the curated list of ~150 highest-impact spam triggers (free, urgent, act now, limited time, no obligation, risk free, etc.). The fix is rephrasing. "Free" is not banned; it's high-weight. Use it once, in context. The pattern that triggers the rule is two or three of these phrases in close proximity.

2. EXCESSIVE_CAPS (typical weight: 1.0)

More than 30% of your letters are uppercase. Common cause: a heavy headline ("DON'T MISS THIS DEAL") or a CTA that yells. Fix by lowercasing the headline and using bold/font-weight to convey emphasis instead of caps.

3. MISSING_UNSUBSCRIBE (typical weight: 2.5)

The body contains no link with text matching unsubscribe, opt-out, email preferences, or similar. CAN-SPAM requires this for marketing email and most deliverability filters require it. Fix by adding a footer with an unsubscribe link before the email goes out, period.

4. MISSING_PHYSICAL_ADDRESS (typical weight: 1.5)

Your footer doesn't include a physical postal address. CAN-SPAM requires this for any commercial email sent in or to the US. Fix by adding your company's mailing address (PO Box is fine) to the footer.

5. URL_SHORTENER (typical weight: 1.0–2.0)

You used bit.ly, tinyurl, t.co, or similar in the email body. URL shorteners obscure the destination domain, which is a phishing pattern. Fix by using the full destination URL. If you need redirect tracking for analytics, use your own domain (e.g. min8t.com/r/abc) which doesn't trigger the rule.

Fixing those five typically takes a 5–10/mo body to a 7–9/mo body. The remaining rules are usually edge cases.

5 Why a Good Score Doesn't Mean You'll Inbox

Two patterns to be honest about with the team relying on your score:

Authentication (SPF/DKIM/DMARC) is a separate axis

Content scoring checks the body. It does not check whether your domain has valid SPF and DKIM records, whether DMARC is published with a real policy, or whether your sending IP has a reputation. A perfectly clean body sent from a misconfigured domain will still go to spam — sometimes hard-bounced, sometimes outright rejected at the SMTP level.

If you suspect auth issues, the diagnostic path is different: check your most recent Received: headers and Authentication-Results: entries. Our Email Header Analyzer parses both and surfaces the SPF/DKIM/DMARC verdicts in plain language. For continuous monitoring across all your sending sources, DMARC reporting + a service like DeliverIQ is the durable answer.

Sender reputation is everything once it builds

Your IP and your sending domain accumulate reputation over time. Engagement on your campaigns (opens, clicks, replies, marks-as-spam, marks-as-not-spam) is the single biggest input to that reputation. Once you have a reputation, content matters less — Gmail will inbox a lightly-spammy body from a high-reputation sender. Conversely, a perfectly clean body from a brand-new domain with no engagement history goes through cold-start filtering and may take weeks of warmup to reach the inbox at all.

What content scoring catches that nothing else does

Despite the limitations, content scoring catches a class of issue that no other tool diagnoses well: the well-meaning but bulk-marketing-shaped email. The marketing copy that's a bit too aggressive. The image-only newsletter where the body is unscannable. The layout missing CAN-SPAM compliance elements. These are 5-minute fixes you can't see in your sender reputation dashboard or your DMARC report. You can only see them by running the body through a rule engine.

6 When to Ignore a Rule

The aggregate score is a heuristic. Some rules don't apply to every send, and treating the score as gospel can push you to bad copy decisions.

Transactional emails are exempt from several rules

Receipts, password resets, account notifications, shipping confirmations, two-factor codes — these are transactional under CAN-SPAM and are not required to have an unsubscribe link or a physical address. If MISSING_UNSUBSCRIBE and MISSING_PHYSICAL_ADDRESS fire on a transactional email and they're the only rules contributing to your score, the score is a false alarm. Ignore it.

The reverse problem: marketing emails sent from a transactional template often inherit a non-marketing footer that omits unsub. Watch for this.

Industry conventions sometimes mandate "trigger" copy

If you sell financial services, "100% guaranteed" might be a regulatory phrase you have to use. If you sell weight loss, "limited time" is standard sale-cycle language. If you sell anything with an end date, "today only" is just descriptive. The rule fires either way; you have to decide whether the small score hit is worth the message clarity.

Image-heavy newsletters

Some campaigns are deliberately image-driven (product spotlights, magazine-style newsletters). The IMAGE_ONLY rule will fire if your text content is below threshold. The fix is adding alt text and a paragraph or two of body copy — not changing the design philosophy. If that's not feasible, accept the rule firing.

Reading the per-rule output is the actual workflow

Look at WHICH rules fired, not just the aggregate. If they're all rules you've consciously decided are appropriate for this send (transactional exemption, regulatory phrase, design choice), the low aggregate score is a false alarm. If they're rules you didn't realize were firing, those are your fixes.

7 Try It Now (Free, Unlimited)

The MiN8T Spam Score Checker runs all 21 body-content rules and returns a score with a per-rule breakdown. It's free, unlimited (no 3-per-day cap that other tools impose), and doesn't require sending a test email to a unique address.

What to do with the result

The score is one input. The full pre-send workflow:

1. Inline your CSS first — the CSS inlining article walks through why and how. Inline output is what filters actually see.
2. Run the inlined output through the Spam Checker. Fix any rules in the Content / Structure / Links categories.
3. Visual-verify across clients with Inbox Preview — spam filters see what they see, but humans see what their email client shows them, and the two don't always agree.
4. Verify auth records separately. The Email Header Analyzer parses any received message and surfaces the SPF/DKIM/DMARC verdicts. For continuous monitoring of all your sending sources, DeliverIQ is the durable answer.

The honest framing about delivery prediction

Don't treat any free content scorer as a delivery prediction. They catch a real but limited class of issues. Modern filters use machine-learning models trained on billions of emails plus dozens of signals you can't see at design time. Treat content scoring as hygiene: necessary but insufficient. Combined with proper inlining, cross-client visual verification, and proper auth records, you've covered the parts you can control. The rest is your sender reputation, which is built one campaign at a time.

Related Articles

Email Design

How to Inline CSS for HTML Email: The Complete Guide

Deliverability

DMARC, SPF, and DKIM: The Complete Setup Guide

Testing

Email Testing Across 90+ Clients: The Definitive Guide