elfdesigns - Knowledgebase - How to Get your Email Message Past the Spam Filters

How to Get your Email Message Past the Spam Filters

SpamAssassin is one of the most effective and popular content based spam filters on the market. It uses a scoring system where messages are tagged as spam only when they have enough spam characteristics in total. A properly managed SpamAssassin installation correctly identifies 90% to 95% of spam with less than 1% false positives.

A score of more than 5 may cause deliverability issues while scores of greater than 10 frequently develop delivery issues. You should always aim to keep your score under 5 for each campaign you send.
Asks You to Click Below (In lower or capital letters)- Body Rule

Explanation


This SpamAssassin rule scans the body looking essentially for the phrases "click here" or "click below".

Example


"Click Here for your great offer" | "Click on the link below for details"

Suggestion


Any phrase that doesn't include the words "click" should not trigger this rule. Try "visit here" as an alternative. This rule also looks for ALL CAPS as well, so "CLICK HERE" is caught as well as "click here".

Image tag intended to identify you - Body Rule

Explanation


This SpamAssassin rule scans the body looking for the presence of "web bugs" or "web beacons". A web bug is an HTML <IMG> tag that typically returns a transparent 1 pixel by 1 pixel wide image. The image is only returned after passing through a tracking program that informs the sender that the message was opened and by whom. Web bugs only work in HTML email. Since HTML email is automatically rendered upon reading, any user online who opens their mail will trigger the web bug. Web bugs are seen by many as an invasion of privacy. A best practice is for those sending email with web bugs to disclose the practice in their Privacy Policy and Email Policy.

Example


http://www.domain.com/bug.cgi?id=1a2b3c45

Suggestion


The only way around this rule is either to not utilize web beacons or dynamic images or to somehow create a web image tracking device that does not include any of the above "extensions". If you disclose use of web bugs clearly in your privacy and email policy, you can feel better about using them - your recipients should know they are there. There seems to be no valid reason to use obfuscated URLs in an email message.

In general, knowing whether a subscriber has opened a message is extremely valuable. We would not recommend removing a web beacon unless it is the last, best way to reduce the "spaminess" of the message to a level that makes it likely to be delivered.
Dear Friend? That's not very dear!' - Body Rule

Explanation


This SpamAssassin rule scans the message body looking for the word "Dear" along with the word "Friend".

Example


Dear Friend

Suggestion
 Any phrase that doesn't exactly match the regular expression above will not trigger the rule.

Back to top
Contains 'Dear (something)' - Body Rule

Explanation


This SpamAssassin rule scans the message body looking for the word "Dear" along with a capitalized name

Example


Dear internet candidate
Dear Madam
Dear Car Shopper
Dear Internet traveller

Suggestion
 Any phrase that doesn't exactly match the regular expression above will not trigger the rule.
Includes a URL Link to Send an Email - Body Rule

Explanation


This SpamAssassin rule scans the message body for a "mailto:" tag.

Example


<a href="mailto:[email protected]">[email protected]</a>

mailto:[email protected]

Suggestion


At the writing of this guide, this rule has only a very low association with spam according to analysis. The increased ease-of-use that is provided by the "mailto:" tag surpasses any delivery issues generated by having the tag.
Tells You How To Stop Further SPAM - Body Rule

Explanation


Looks for the phrases "you do not wish to receive" or "you no longer wish to receive"

Example


You do not wish to receive

Do the following if you no longer wish to receive this mail

Suggestion


Opt out instructions are required by law in many US states and considered an email marketing best practice. Whether this scores positive or negative toward your SpamAssassin score, opt out instructions should be in email marketing copy. If you can find an alternate way to phrase the unsubscribe instructions other than the exact phrases listed above, you can avoid tripping this rule.
Message-Id was added by a relay - Header Rule

Explanation


This SpamAssassin rule scans the header looking for the Message-Id header tag. Specifically the test looks for the Message-Id to appear before the "Received by" header.

Example


None available

Suggestion


In RFC compliant email deployment systems, the Message-Id will be in the original email as recommended. This test looks for the Message-Id to appear before "Received-by" headers. If you don't properly apply a Message-Id before you send your messages you will likely trip this rule. You may want to consider changing your mailing setup.

The RFC for Internet Email Format - RFC 2822, indicates that messages SHOULD have a Message-Id: present when prepared and handed off to a recipient MTA. Still, many MTA's will simply add the Message-Id if one is not present. SpamAssassin finds that in certain circumstances, if Message-Id was added by a relay it is consistent with much spam that has been analyzed.

Consider changing your email deployment system to include Message-Id, however, if it is likely to be a difficult change in an email deployment system - consider the penalty of this rule on your overall spam score and whether it's worth any effort to avoid this rule.
Message-Id is not valid, according to RFC 2822 - Header Rule

Explanation


The Message-Id uniquely identifies a piece of mail. The field is generated by the Mail User Agent (MUA) or the first Mail Transfer Agent (MTA) that the message passes through. As a unique identifier it must be unique across both space and time. For that reason, it is structured similar to an email address - that is the unique value is split with an "@" sign. The left hand side of the value typically uniquely indicates the message, usually by combining a date/time stamp numeric value with a process id of some sort. The right side typically identifies the machine in which the message originated, e.g. host.domain.com.

Some programs which are used to send junk mail insert a forged Message-Id: header which contains invalid information. Normal mail servers do not include this invalid information, and so this is a strong indicator of junk mail.

Example


[email protected]

Suggestion


In RFC compliant email deployment systems, the Message-Id will be in the original email as required and should be formed according to syntax requirements set forth by Simple Mail Transfer Protocol (SMTP). If this rule is flagged in your results, first note where the message in question was sent to SpamAssassin from. If it was sent from a personal MUA, such as Microsoft Outlook Express, then you may consider ignoring this flag. Versions of Outlook Express are known to create erroneous Message-Id's. Production email marketing messages are typically not sent via Outlook. If the message was sent from your production email deployment system, you should contact your email deployment vendor or internal development group to investigate.
HTML has a big font - Body Rule

Explanation


This SpamAssassin rule scans the body looking for tags. Specifically it looks for tags whose "SIZE" attribute is either set to "+1" or larger or "3" or larger. The rule also looks at size pt designations greater than 12 pt in <STYLE> tags as well.

Example






<STYLE="font-size:14pt;>

Suggestion


Large font size may be indicative of a spam sender practice. Use larger font size sparingly, or consider using an image to represent the desired text with the appropriate size desired.
HTML font color is blue - Body Rule

Explanation


This SpamAssassin rule scans the body looking for tags. Specifically it looks for tags whose "COLOR" attribute is blue.

Example






Suggestion


SpamAssassin rules are based largely on the open source rule set provided by SpamAssassin. SpamAssassin's genetic algorithm takes into account how often a particular attribute is associated with spam. Blue color font has been historically associated with spam, however its score has fluctuated and decreased with successive releases of SpamAssassin.
Tells You To Click On a URL - Body Rule

Explanation


This SpamAssassin rule scans the body looking for the phrase "click here".

Example


<a href=http://www.domain.com>Click Here for your great offer</a>

Suggestion


Anything that doesn't include the phrase "click here" in an HTML anchor tag ("<a>") should not trigger this rule. Try alternate phrases for "click here."
HTML link text says "click here" - Body Rule

Explanation


This SpamAssassin rule scans the body looking for HTML anchor tags with the phrase "click here".

Example


<a href=http://www.domain.com>Click This for your great offer</a>

Suggestion


Anything that doesn't include the phrase "click here" or "click this" in an HTML anchor tag ("<a>") should not trigger this rule. Try alternate phrases for "click here" or "click this".
HTML Font Face is Not a Commonly Used Face - Body Rule

Explanation


This SpamAssassin rule scans the body looking for HTML tags that use uncommon or nonstandard fonts.

Example


Hello world

Suggestion


Any Font Face value not specified above will trip this rule. Email marketing best practice would be to use a common font for greatest compatibility for recipients. Spam senders may attempt to utilize uncommon fonts to either draw attention or for some other reason.
"Remove" URL Contains an Email Address -

Explanation


This SpamAssassin rule examines all URI / URL references in an email, looking for HTTP references that include an email address.

Example


http://domain.com/blah.pl?e=[email protected]&id=5

Suggestion


A URL that references an email address is construed as passing that information back to a program. This typically occurs in email marketing in web beacons/bugs and unsubscribes/list modification links. While in some cases it may be considered an email marketing best practice, it is also correlated to spam (according to SpamAssassin).
HTML Font Color is Same as Background - Body Rule

Explanation


This SpamAssassin rule examines HTML tag "bgcolor" attributes and compares the value to the relative color setting. If these values match then this rule is flagged. This rule is also known as the "invisible HTML" rule.

Example


<body bgcolor="white">

Some hidden text

Some visible text

</body>

Suggestion


There does not seem to be any email marketing or other best practice need to include "invisible HTML" in an email message. This is a spam sender tactic and attempt to either hide key words or otherwise circumvent spam filters.
Spam Tool Pattern in MIME Boundary - Header Rule

Explanation


This SpamAssassin rule examines an email message's MIME encoding boundaries. In general, spam senders use deployment systems that use distinctive patterns.

Suggestion


If you are using an outsourced vendor for email deployment, they likely will not be affected by this or will have already been alerted to it. If you have a proprietary email deployment engine, you may arbitrarily hit this rule. Simply work with your vendor or internal development group to adjust the boundary to not flag this rule. The Regular Expressions listed above are all the current tests in SpamAssassin for Spam Tool checking - as of the time of the last update of this document.
HTML Font Color is "red | yellow | green | gray | blue | magenta | cyan" - Body Rule

Explanation


This SpamAssassin rule examines HTML tag color attribute for various colors. If the value is matched then this rule is flagged. Note that these colors can be set in HTML by using the color name or using a Hexadecimal RGB color code:

Red or #FF0000
Yellow or #FFFF00
Green or #008000
Gray or #808080
Blue or #0000FF
Magenta or #FF00FF
Cyan or #00FFFF

Example


Some_red_text

Some_visible_text

</body>

Suggestion


According to analysis of spam, there seems to be enough of a correlation of certain FONT colors used in HTML email such that there is a score penalty. In general, avoid these colors of text where possible. Consider using a graphic element if these colors of HTML text are required.
Contains a Tollfree Number - Body Rule

Explanation


This message looks for "call" or " dial" or "toll free" followed by 800, 888, 877, 866, 855, 844, 833 or 822.

Example


call 1-877-433.2323 now!

Dial Toll Free - 1-888-222-3333 your offer now!

Dial Toll Free - 1-888-CALL NOW for your offer now!

Suggestion


At the time of the writing of this document, the "weight" of this rule is almost zero - indicating that it adds very little to the "spaminess" of the message. However, if you want to avoid this rule, use a delimiter other than a dash ("-")
Risk free. Suuurreeee.... - Body Rule

Explanation


This SpamAssassin rule examines the message body for "Risk Free" type phrases.

Example
 risk free
no risk

Suggestion


Any phrase that doesn't exactly match the regular expression above will not trigger the rule.
Save $$$ - Body Rule

Explanation


This SpamAssassin rule examines the message body for "Save $$$" type phrases.

Example


Save $ now!!!!

Save $$$$$$$$$$$$$$$

Suggestion


Limit excessive use of $ symbol relative to the word "Save". Note there are additional rules looking for verbose versions, such as "Save Money", "Save Thousands", "Save Millions", "Save up to".
Free Offer - Body Rule

Explanation


This SpamAssassin rule examines the message body for "Free Offer" type phrases.

Example


Free offer.

Special offer.

Trial offer.

Suggestion


Any phrase other than the exact phrases above will not trip this rule.
Stop the offers, coupons, discounts etc! - Body Rule

Explanation


This SpamAssassin rule examines the message body for various offer type phrasing. See below.

Example


Continue to receive this fabulous offer.

Receive this once in a lifetime discount.

Partner special.

Suggestion


There are a lot of combinations, so if you hit this rule, pay attention. Any phrase other than the exact phrases above will not trip this rule - so simple modifications to your sentence phrasing should work. Consider the overall score that this rule has on your message and it may or may not be worth changing the matching phrase.
A WHOLE LINE (OR MORE) OF YELLING DETECTED - Body Rule

Explanation


This SpamAssassin rule looks for sentences that are in ALL CAPS. The rules attempt to evaluate lines of characters in ALL CAPS, taking into account and ignoring lines which might be newsletter section headers, which are often in all caps. To be safe, lines which have "!" or "$$" (spam often has a yelling line indent with spaces, but surrounded by dollar signs), or a "." which appears to end a sentence, are kept.

Example


!!! WONDERFUL UNREALISTIC OFFER FOR YOU!!!

*** ANNOYING HEADLINES AND NEWS THAT SHOUT AT YOU ***

Suggestion


Limit use of all caps - general email netiquette considers ALL CAPS to be the equivalent of SHOUTING AT THE RECIPIENT.
Only $$$ - Body Rule

Explanation


This SpamAssassin rule examines the message body for "Only $$$" type phrases.

Example


Only for you! $500 Special Offer

Buy this wonderful product for only $99.99

Suggestion


Any phrase that doesn't exactly match the regular expression above will not trigger the rule.
Contains a Line >= 199 Characters Long - Raw Body Rule

Explanation


This SpamAssassin rule scans the body looking for inordinately long lines for email messages.

Suggestion


Best email practice for text messages is to "wrap" text with a Carriage Return somewhere between every 50-70 characters per line. Doing so will ensure this rule is not triggered. For HTML copy it is trickier, as HTML white space is negligible. Because of this, it is possible for an entire HTML file to be contained on a single line, in pure text form, but still render with HTML and tags as a well formed document. If you trip this rule, make sure your text and HTML messages both have carriage returns often enough - that is < 199 characters between each line return. In HTML copy, be sure to place carriage returns in between complete tags - that is, do not split a tag:

Correct:

 Some Text Here...
the next line here 

Incorrect:

 Some Text Here... the next line here

Contains "For Only Some Amount Of Cash" - Body Rule

Explanation


This SpamAssassin rule examines the message body for "for only x amount of money" type phrases.

Example


For just $100 dollars you could make millions...

Suggestion


Any phrase that doesn't exactly match the regular expression above will not trigger the rule.
Quoted-printable Line Longer Than 76 Characters - Header Rule

Explanation


This SpamAssassin rule scans the body looking specifically for quoted-printable encoding. This encoding scheme encodes individual characters rather than groups of characters. The quoted printable encoding scheme by protocol does not allow lines longer than 76 characters.

Suggestion


If this rule is being flagged in your report, you should contact your email deployment team or vendor and inquire with them. Determination may be made that there is a problem with the email deployment system or operations leading up to encoding by your deployment engine.
Message only has text/html MIME parts - Body Rule

Explanation


This SpamAssassin rule scans the body looking specifically for the MIME components of the email message. Most personal email is sent as "text" or as "multi-part" combinations that send text content and HTML content in the same message. Most email deployment systems do this as well - allowing the recipient email client to display the content type relative to capability and user preference. Sending email messages that are comprised of only an HTML content type is common in spam.

Suggestion


If this rule is being flagged in your report, you should contact your email deployment team or vendor and inquire with them. Depending upon the score for the rule in your report, you may just want to leave this as is.
I Wonder How Many Emails They Sent In Error - Body Rule

Explanation


This SpamAssassin rule scans the body looking for a statement indicating the email or message may have been sent in error to the recipients.

Example


If we have sent you this message in error, please accept our apologies.

Suggestion


If, at the time of this writing, the score is relatively low, and you have a real need to make a statement that matches this rule, you may just live with it. Otherwise, attempt to rephrase.
Encourages You To Waste No Time In Ordering - Body Rule

Explanation


This SpamAssassin rule scans the body looking for statements encouraging the recipient to order quickly.

Example


Don't waste any time, order fast before these are gone!

Suggestion


Any phrase that doesn't exactly match the regular expression above will not trigger the rule.
HTML Font Face Is Not a Word - Body Rule

Explanation


This SpamAssassin rule examines HTML tag "face" attribute. The "face" attribute indicates the typeface to use for presentation of the tagged text. Acceptable values are "arial" ,"helvetica", "verdana" and many others.

Example






Suggestion


A tag whose face value is not a word is invalid HTML and should be corrected.
Gives A Lame Excuse About Why You Were Sent This SPAM - Body Rule

Explanation


This SpamAssassin rule scans the body looking for statements explaining why the recipient received the message.

Example


You have received this message as a member of our newsletter list.

Suggestion


Laws in some states and general best practice for email marketing will require this statement. If you can find another way to phrase this statement without tripping this rule, do so.
"Received" has "may be forged" warning - Header Rule

Explanation


This SpamAssassin rule scans the header looking specifically at the "Received:" header line.

Example


"Received: from smtp.domain.com (smtp.domain.com [299.399.199.199] (may be forged))"

Suggestion


The most likely reason for tripping this rule is that the recipient SMTP server or any of the relay servers in between did a reverse DNS check on the IP address to the host and did not find a match. If this rule if flagged, contact your email deployment team or email vendor for discussion. Spam senders tend to "spoof" or forge a lot of header information, so something like this in your message header should be remedied quickly.
Claims You Can Be Removed From The List - Body Rule

Explanation


This SpamAssassin rule scans the body looking for statements explaining how to be removed from the list by replying via email.

Example


To no longer receive these messages send email to [email protected]

Suggestion


Opt out instructions are required by law in many US states and are considered an email marketing best practice. Whether this scores positive or negative toward your SpamAssassin score, opt out instructions should be in email marketing copy.
Claims you opted-in or registered - Body Rule

Explanation


This SpamAssassin rule scans the body looking for statements explaining how the recipient came to be on the list to receive this email.

Example


because you registered with us long ago.
because you are opted-in with us.

Suggestion


Many best practices for email marketing have included informing recipients how they came to be on your list. Federal law, the Can Spam Act, does not require this. Consider the overall effect of tripping this rule on the spam score of the message in regards to whether you wish to change or disclude your opt in statements and phrases.
HTML Font Color Not Within Safe 6x6x6 palette - Body Rule

Explanation


This SpamAssassin rule examines HTML tag color attribute for colors within the "web safe palette". Most web designers have powerful systems capable of displaying 16 or 32 bit colors. Represented in HTML, these colors will display poorly or dither when viewed in an 8-bit environment. Many web users and recipients of HTML email may be using computer systems that are limited to 8-bit color (256 colors). This means they can't see every color in the spectrum - and that is where the browser-safe palette comes into play.

The browser-safe palette is sometimes called the 216-color palette. It is composed of 216 specific colors that are universally recognized by browsers and operating systems, even on 8-bit systems.

Example


Some strange colored text

Suggestion


As a general HTML best practice, more and more users have graphic display capabilities beyond 8 bits, so the web safe palette is less of an issue. For email marketing, it may be a spam sender tactic for drawing attention to text that gives this rule some correlation with spam. Depending upon the overall score of your message, decide whether your "unsafe" color reference is critical or not.
HTML font color is unknown to us - Body Rule

Explanation


This SpamAssassin rule examines the HTML tag color attribute. Basically, in all the analysis, if the color is not determinable by known HTML protocol, it is determined to be unknown.

Example


Some strange colored text

Suggestion


Flagging of this rule probably means your HTML is not totally compliant with protocol. Run your HTML through an HTML syntax checker and make appropriate changes.
Images with XXX-XXX bytes of words (200 to 400|400 to 600|600 to 800) - Body Rule

Explanation


This SpamAssassin rule looks for HTML messages that are very graphic heavy. Spam senders have employed tactics to elude spam filters that include strange and heavy use of Images to obfuscate their messages. The rule looks at the overall amount of HTML, the amount of actual text marked up by the HTML and the Image size and dimensions in the HTML portion of the message body.

Suggestion


Have your creative; design, and/or technical team review the message content, before and after delivery. Ensure that there is not an encoding error with your email deployment engine. Otherwise, confirm if the use of mostly images and little HTML text is warranted for the presentation effect given. Depending upon your overall SpamAssassin score, edit your HTML or keep as is. Specifically, remove some images or add some relevant HTML text to change the level to which this rule is flagged or avoid it all together.
Message is XX% to XX% (50 to 60|60 to 70|70 to 80|80 to 90) HTML - Body Rule

Explanation


This SpamAssassin rule looks for HTML messages that are very HTML code heavy. Spam senders have employed tactics to elude spam filters that include strange and heavy use of HTML tags to obfuscate their messages. The rule looks at the overall size of the message body and the ratio of HTML tags to that copy. It also attempts to identify Image-only messages, which have a correlation to spam.

Suggestion


Have your creative; design, and/or technical team review the message content, before and after delivery. Ensure that there is not an encoding error with your email deployment engine. Otherwise, confirm if the use of "heavy" HTML is warranted for the presentation effect given. Depending upon your overall SpamAssassin score, edit your HTML or keep as is.
Says: "To Be Removed, Reply Via Email" or Similar - Body Rule

Explanation


This SpamAssassin rule scans the body looking for statements explaining how to be removed from the list by replying via email.

Example


To be removed from our list, simply reply or send email to [email protected]

Suggestion


Opt out instructions are required by law in many US states and considered an email marketing best practice. Whether this scores positive or negative toward your SpamAssassin score, opt out instructions should be in email marketing copy.

Can Not Be Combined With Any Other Offer - Body Rule

Explanation


This SpamAssassin rule scans the body looking for statements indicating this offer can not be combined with any other offer.

Example


This is a limited offer that can not be combined with any other offer.

Suggestion


Depending upon your overall SpamAssassin score, consider rephrasing your statement.

HTML Font Color Has Unusual Name - Body Rule

Explanation


This SpamAssassin rule examines HTML tag color attribute. It essentially looks for color values that are not syntactically correct in the hexadecimal RGB notation (e.g. #336699) or that are not navy, gray, red, or white.

Example


Some default colored text

Suggestion


Check your HTML as this rule may show that your HTML code is syntactically incorrect. If you are declaring a color by "name" ensure that the name is valid. If it is, consider using its hexadecimal RGB notation rather than its name reference. Speak with your creative resource or email deployment team for assistance.

HTML included in message - Body Rule

Explanation


This rule simply examines the email message and determines if it contains HTML content. HTML formatted email is a common characteristic of spam, which is why it is identified.

Suggestion


The only way to not flag this rule is to not have HTML content in your email. The rule appears to look specifically for HTML tags and elements - as opposed to email encoding instructions. If a minimum number of HTML tags are found, the rule will flag. The most basic, valid HTML will be flagged by this rule, based upon the analysis. If you desire to send HTML formatted email, there is little you can do about tripping this rule.

HTML has "tbody" tag - Body Rule

Explanation


This rule simply examines the email message and determines if it contains the HTML table tag <tbody>. This rule exists due to the common occurrence of the <tbody> tag in spam.

Suggestion


The only way to not flag this rule is to not have the <tbody> tag in your email. The rule appears to look specifically for this HTML tag. One or more occurrences will match. The <thead>,<tbody> and <tfoot> elements are seldom used, because of bad browser support. Visit here for more information on this tag.

HTML title contains "Untitled" - Body Rule

Explanation


This rule examines the HTML portion of a message for a <title> tag that contains the word "Untitled".

Example


<title>Untitled</title>

Suggestion


Most spam is created with poorly coded HTML. Having the <title> tag value set to "Untitled" is probably common to spam since there is little Quality Assurance in spam operations. Many HTML editing tools may default the word "Untitled" in the <title> tags upon creation of a new document. If this rule is triggered, remove the word "Untitled" and update the value so that it is meaningful and appropriate.
Message Text in HTML Without Specified Charset - Body Rule

Explanation


This SpamAssassin rule examines the MIME Content declarations. It specifically checks "text/html" mime sections for a "charset" value. It does not appear that RFC standards require this, though in terms of documented syntax it would be a best practice to declare the encoding character set to allow for recipient email applications to properly render and represent the data.

Suggestion


Contact your email deployment team or email vendor for discussion regarding setting the charset for text/html MIME sections in email.

From: does not include a real name - Header Rule

Explanation


This SpamAssassin rule scans the header looking specifically at the "From:" header line. Most "non-spam" and personal email communication comes from individuals, where the "real name" portion of the From: line has the senders real name. Spam sending tools may likely leave this out, in which case it becomes an identifying characteristic of spam. Most marketing communication utilizes the "real name" portion of the From: line to denote the name or type of the communication.

Example


From: "John Smith" <[email protected]>
From: "Widget Newsletter" <[email protected]>

Suggestion


The most likely reason for tripping this rule is that the configuration for your email deployment system or for a particular did not have a value set for this particular value of the From: header.

Add to Favourites
Print this Article