SpamAssassin was first released in 2001. Two decades later it still runs on a large share of the SMTP servers your mail passes through — small ISPs, university mail, cPanel hosts, corporate gateways behind Exchange, and nearly every self-hosted stack. Gmail does not use it, but plenty of recipients do. If your score is ugly, you will never see that in a Gmail-only test.
SpamAssassin scores each message by summing rule hits. Under 3.0 is safe; 5.0 is the default spam threshold; 8.0 is certain rejection. A free check gives you the score and every rule that fired, with point values. Fix the top-5 hits and you will usually drop two to three points.
What SpamAssassin is and why it still matters
SpamAssassin is a rule-based content filter. It takes a raw email, runs hundreds of pattern-matching rules against the headers and body, and assigns each match a point value. Some rules are trivial (no valid Message-ID: +0.5). Some are devastating (URIBL hit: +4.0). The final score is the sum.
Why does this matter in 2026? Because the long tail of mail servers does not run Gmail-class ML. A hospital in Ohio, a regional bank, a manufacturing supplier, a government contractor — all very likely filtering through SpamAssassin or a SpamAssassin-compatible engine. If you cold-email B2B, roughly a third of your recipients will be behind it.
How scoring works
The score is a simple sum. Every rule in the SpamAssassin ruleset has a numeric weight; a rule fires when its pattern matches the message; the message gets that weight added. A typical report looks like:
Content analysis details:   (7.4 points, 5.0 required)

 pts rule name              description
---- ---------------------- ------------------------------------------
 1.2 MISSING_MID            Missing Message-Id: header
 2.1 URIBL_BLOCKED          ADMINISTRATOR NOTICE: ...
 1.8 HTML_IMAGE_RATIO_02    HTML has a low ratio of text to image area
 0.8 PDS_HP_HELO            HELO was a naked IP
 1.5 MIME_HTML_ONLY         Message only has text/html MIME parts
Seven points from five rules. Anything above 5.0 is marked Spam by default. Above 8.0, most servers reject at SMTP time and you will see bounces.
The score thresholds (0, 3, 5, 8)
- 0 – 3.0: safe. Default rule set considers the message clean. Small scores from MISSING_MID or URI_HEX are normal.
- 3.0 – 5.0: borderline. Most servers still deliver, but some aggressive configurations (corporate gateways with required_score 3.0) will flag or junk.
- 5.0 – 8.0: spam. Default SpamAssassin spam threshold. Message gets tagged, moved to Spam, or rewritten with ***SPAM*** in the subject.
- 8.0+: rejected. SMTP reject at RCPT or DATA phase. Hard bounce to the sender, no delivery at all.
How to check free
Two practical approaches. The first: send your message through a placement checker that exposes the full SpamAssassin report. Paste the EML into the tool, or BCC a seed address and let the tool intercept it. You get the score and every rule that fired.
The second: if you run your own mail server, SpamAssassin is a single package install (apt install spamassassin), and spamassassin -t < message.eml prints the same report. Useful in CI pipelines before a send.
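For the CI use mentioned above, a small gate can parse the `spamassassin -t` report, rank the rule hits and fail the job above a chosen limit. This is an added example, not code from SpamAssassin or any tool named on this page; the 3.0 limit, the script name `sa_gate.py` and the function names are assumptions, and the sample report is constructed from the one shown earlier.

```python
import re
import sys

# Constructed sample: the five-rule report from this page, laid out as `spamassassin -t` prints it.
SAMPLE = """\
Content analysis details:   (7.4 points, 5.0 required)

 pts rule name              description
---- ---------------------- ------------------------------------------
 1.2 MISSING_MID            Missing Message-Id: header
 2.1 URIBL_BLOCKED          ADMINISTRATOR NOTICE: ...
 1.8 HTML_IMAGE_RATIO_02    HTML has a low ratio of text to image area
 0.8 PDS_HP_HELO            HELO was a naked IP
 1.5 MIME_HTML_ONLY         Message only has text/html MIME parts
"""

NUM = r"-?\d+(?:\.\d+)?"
SUMMARY_RE = re.compile(rf"\(\s*({NUM}) points, ({NUM}) required\)")
# A rule row starts with its points; wrapped description lines do not, so they are skipped.
RULE_RE = re.compile(rf"^\s*({NUM})\s+([A-Z0-9_]+)\s+(.*)$")

def parse_report(text):
    """Return (score, required, [(points, rule, description), ...])."""
    m = SUMMARY_RE.search(text)
    if m is None:
        raise ValueError("no '(N points, M required)' summary line")
    # Only look for rule rows after the summary, never in the message preview.
    rows = (RULE_RE.match(line) for line in text[m.end():].splitlines())
    hits = [(float(r[1]), r[2], r[3].strip()) for r in rows if r]
    return float(m[1]), float(m[2]), hits

def band(score):
    """Bands from this page: <3 safe, <5 borderline, <8 spam, otherwise rejected."""
    for limit, name in ((3.0, "safe"), (5.0, "borderline"), (8.0, "spam")):
        if score < limit:
            return name
    return "rejected"

def gate(text, limit=3.0, top=5):
    """Summarise a report and decide whether a CI job should let the send proceed."""
    score, required, hits = parse_report(text)
    worst = sorted(hits, key=lambda h: h[0], reverse=True)[:top]
    return {"score": score, "required": required, "band": band(score),
            "ok": score < limit, "worst": [name for _, name, _ in worst]}

if __name__ == "__main__":
    # Usage (assumed file name): spamassassin -t < message.eml | python sa_gate.py
    result = gate(SAMPLE if sys.stdin.isatty() else sys.stdin.read())
    print(result)
    sys.exit(0 if result["ok"] else 1)
```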
Inbox Check runs SpamAssassin (and Rspamd) on every placement test automatically. The rule-by-rule breakdown is in the test results panel, free, unlimited.
Common rules that trip honest senders
HTML_IMAGE_RATIO and MIME_HTML_ONLY
Two of the most common scores on legitimate marketing mail. If your email is 90% image with three lines of alt text, SpamAssassin treats it the way it treated image-only spam from 2005 — because that pattern has not changed.
Fix: include a meaningful text-to-image ratio (60/40 is the usual cutoff) and always ship a plain-text MIME part, not just HTML. Most ESPs auto-generate the plain-text alternative; self-hosted stacks often skip it.
URI_HEX, URIBL_*, and SURBL hits
Any URL in your body is evaluated against public blacklists (SURBL, URIBL, DBL) and against pattern rules (hex-encoded URLs, numeric hosts, URL shorteners). A single bad link can add 3–4 points on its own.
Fix: never use bit.ly / tinyurl / t.co links in production mail. If you have a custom tracking domain, check it in DNSBLs before using. If an affiliate link or partner URL keeps hitting SURBL, drop it.
PDS_HP_HELO and MISSING_HEADERS rules
Headers your ESP should set automatically: Message-Id, Date, Received, a well-formed HELO that matches the sending IP's PTR record. Self-hosted Postfix without proper configuration often fails PDS_HP_HELO because the HELO hostname is a bare IP or localhost.localdomain.
Fix: set myhostname in Postfix to a real FQDN that resolves forward and reverse (FCrDNS). Any competent ESP handles this for you; if you see MISSING_HEADERS hits, you are probably sending from an unconfigured mail server.
Quick wins to reduce score
- Strip the ALL-CAPS and triple-exclamation from your subject line. Worth ~0.5–1.5 points.
- Add a plain-text alternative part. Worth 1.5 points from MIME_HTML_ONLY.
- Check every link against Spamhaus DBL and SURBL before sending. Removing one flagged link can shave 3+ points.
- Include a valid List-Unsubscribe header. Worth ~0.5 points and required by Gmail and Yahoo anyway.
- Fix missing Message-Id and Date headers. Worth ~1 point and a sign of a misconfigured sender.
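The checklist above can be run as a local pre-send lint over the raw message, before it reaches SpamAssassin at all. This is an added example, not part of SpamAssassin or of any tool named on this page: the checks are local heuristics rather than SpamAssassin's own rules, the shortener list holds only the three hosts the page names, and both sample messages are constructed.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import formatdate, make_msgid
from urllib.parse import urlparse

SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}  # the shorteners named on this page
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

def lint(raw):
    """Return the quick-win findings for one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    out = [f"missing {h} header"
           for h in ("Message-ID", "Date", "List-Unsubscribe") if not msg[h]]
    leaves = [p for p in msg.walk() if not p.is_multipart()]
    types = {p.get_content_type() for p in leaves}
    if "text/html" in types and "text/plain" not in types:
        out.append("HTML only: no text/plain part")
    subject = str(msg["Subject"] or "")
    letters = [c for c in subject if c.isalpha()]
    if letters and all(c.isupper() for c in letters):
        out.append("subject is ALL CAPS")
    if "!!!" in subject:
        out.append("subject has triple exclamation")
    for part in leaves:
        if part.get_content_maintype() == "text":
            for url in URL_RE.findall(part.get_content()):
                host = (urlparse(url).hostname or "").lower()
                if host in SHORTENERS:
                    out.append(f"shortened link: {host}")
    return out

def build_clean():
    """Constructed message that applies every fix in the list above."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "news@example.com", "reader@example.net"
    msg["Subject"] = "Your weekly report"
    msg["Date"] = formatdate()
    msg["Message-ID"] = make_msgid(domain="mail.example.com")
    msg["List-Unsubscribe"] = "<https://example.com/unsub?u=1>"
    msg.set_content("Your report is ready: https://example.com/r/1\n")
    msg.add_alternative('<p><a href="https://example.com/r/1">Your report</a></p>',
                        subtype="html")
    return msg.as_string()

# Constructed HTML-only message that trips every check.
BAD = ('From: a@example.com\nTo: b@example.net\nSubject: LAST CHANCE!!!\n'
       'Content-Type: text/html; charset="utf-8"\n\n'
       '<a href="https://bit.ly/abc">Open</a>\n')

if __name__ == "__main__":
    print(lint(BAD), lint(build_clean()))
```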
GlockApps' version of the same check
GlockApps runs SpamAssassin as part of its paid Inbox Insight report. The rule breakdown is in the same format every open-source SpamAssassin tool produces — it has to be, because that is the output of the spamassassin -t binary. What you pay for with GlockApps is the dashboard and historical tracking, not the scoring engine itself.
Credit where due: GlockApps pairs the SpamAssassin score with per-provider folder placement in one report, which is a genuinely useful correlation. The same correlation is available in Inbox Check — same view, same per-provider alignment — without a subscription. If you want integrated uptime monitoring alongside the SpamAssassin history, GlockApps has that and Inbox Check does not.
A note on Rspamd
Rspamd has quietly replaced SpamAssassin as the default spam engine on modern self-hosted stacks (Mailcow, iRedMail, Postfix with Rspamd proxy), and it is used by many European ISPs. The scoring model is similar but not identical — Rspamd leans more on reputation and statistical token matching, SpamAssassin leans more on explicit pattern rules. Checking only SpamAssassin in 2026 misses half the picture.
Inbox Check runs both engines on every test. GlockApps runs SpamAssassin only.
GlockApps vs Inbox Check
- Inbox placement test — GlockApps: $59/mo (3 free/mo) — Inbox Check: Free, 3/day
- Providers — GlockApps: ~15 (no CIS, no EU) — Inbox Check: 20+ (Gmail, Outlook, Yahoo, Mail.ru, Yandex, Rambler, GMX, Orange, ProtonMail…)
- Inbox screenshots — GlockApps: No — Inbox Check: Yes
- SPF/DKIM/DMARC — GlockApps: In paid report — Inbox Check: Every test, free
- SpamAssassin + Rspamd — GlockApps: SpamAssassin (paid) — Inbox Check: Both (free)
- DNSBL check — GlockApps: Paid — Inbox Check: Free
- MCP for AI agents — GlockApps: No — Inbox Check: Yes
- Signup — GlockApps: Required — Inbox Check: Not required
SpamAssassin scores are necessary but not sufficient. A message with a score of 0.0 can still land in Spam at Gmail — because Gmail uses its own ML, not SpamAssassin. Use SpamAssassin to catch the worst content problems; use per-provider placement tests to see where your mail actually goes.