For twenty years SpamAssassin was the reference open-source spam filter. Every deliverability blog taught you to "keep your SpamAssassin score below 5." That advice is still on every tutorial written before 2020, and it is now wrong for a growing share of receivers.
Rspamd is what Mailcow, Mailu, Postfix-based hosting providers and most new enterprise MTAs actually run in 2026. Its architecture is different, its scoring is different, and the symbols you need to watch are different. Here is how to read your score — and how the free check at check.live-direct-marketing.online surfaces the same signals a receiving Rspamd would raise.
If the receiving MTA runs Rspamd and you only optimise for SpamAssassin, you are blind to half the signals. URL reputation, fuzzy hashes, RBL scoring and Bayesian probability are weighted differently between the two engines. A clean SpamAssassin score is no longer sufficient.
Rspamd vs SpamAssassin
Both are rule-based scoring engines. Both produce a numeric score that gets compared to a threshold. The differences are in speed, architecture, and which signals get heavy weight.
- Speed. Rspamd is 3–10x faster than SpamAssassin on the same message. Written in C with asynchronous I/O, it can query 10 RBLs and 3 URL lists in parallel.
- URL reputation. Rspamd has first-class SURBL, URIBL and Phishtank integration. SpamAssassin supports these via plugins but they are often under-configured.
- Bayesian. Rspamd's Bayes implementation is more aggressive and learns faster, which means honest senders can get hit harder by local Bayesian accidents.
- Fuzzy hashes. Rspamd ships with a fuzzy-hash module out of the box — a "message looks similar to known spam" signal SpamAssassin has to be patched for.
- Scoring. Rspamd's default thresholds are greylist 4, add_header 6, reject 15. SpamAssassin's is 5.
The score scale (0 to 15)
A fresh, well-authenticated marketing email from a reputable sender typically scores 0 to 1. A legitimate but careless email (image-heavy, weak copy) scores 1 to 3. A borderline message with some red flags scores 3 to 6. Anything above 6 gets a spam header added; anything above 15 is rejected outright.
Unlike SpamAssassin, a negative score is common in Rspamd — good signals like valid ARC chains, allow-listed domains, and proper DMARC reduce the score below zero. That does not mean spam; "ham" messages often land at -2 to -4.
Key symbol groups
Rspamd assigns named symbols with positive or negative weights. Groups you will see most often:
SURBL_*
URL blacklist hits. SURBL_MULTI_MW, URIBL_BLACK, PH_SURBL_MULTI. Any of these alone can add 5–8 points. Often the sole reason a technically-clean email lands in spam.
BAYES_*
Bayesian classifier output. BAYES_SPAM adds 2–5 points; BAYES_HAM subtracts. If your message gets BAYES_SPAM on a fresh deployment, suspect local training contamination on the receiver — not your content.
FREEMAIL_*
Fires when From, Reply-To or envelope uses a free mail provider. FREEMAIL_FROM, FREEMAIL_ENVFROM. Small weight (0.2–1.0 each), but they stack when mixed with other signals. This is a problem for senders using a personal Gmail address as the From domain.
HAS_*
Structural facts about the message. HAS_DATA_URI, HAS_ATTACHMENT, HAS_LIST_UNSUB, HAS_REPLYTO. Some are negative-weight (HAS_LIST_UNSUB), some neutral.
The ten symbols that trip honest senders
These are the symbols we see most often in false-positive complaints from senders who believe they are doing everything right.
- R_SPF_FAIL or R_SPF_SOFTFAIL — SPF not aligned with connecting IP. Fix: update SPF record.
- DMARC_POLICY_REJECT — DMARC at p=reject and message did not align. Fix: align DKIM on your sending domain.
- URIBL_BLACK — a URL in body is on a blacklist. Fix: scan every link through SURBL before sending.
- MIME_HTML_ONLY — no plain-text alternative. Fix: always send multipart/alternative.
- HTML_SHORT_LINK_IMG_1 — single-image email with a single link. Fix: add real text content.
- SUBJ_ALL_CAPS — subject line shouting. Fix: sentence case.
- RBL_SENDERSCORE — sending IP has poor sender score. Fix: warm up sending IP, monitor Google Postmaster and SenderScore.
- FORGED_SENDER — From and envelope-from diverge without SPF alignment. Fix: set envelope-from to your domain.
- FREEMAIL_REPLYTO_NEQ_FROM_DOM — Reply-To is a different free-mail domain from From. Fix: unify or remove Reply-To.
- FUZZY_DENIED — message body closely matches a known spam template. Fix: rewrite or vary templates.
A typical symbol line in an Authentication-Results header or Rspamd web UI:
X-Spamd-Result: default: False [2.10 / 15.00];
R_SPF_ALLOW(-0.20)[+ip4:203.0.113.0/24];
DKIM_SIGNED(0.00)[yourbrand.com:s=s1];
DMARC_POLICY_ALLOW(-0.50)[yourbrand.com,reject];
HTML_SHORT_LINK_IMG_1(2.00)[];
MIME_GOOD(-0.10)[multipart/alternative,text/plain];
ARC_NA(0.00)[];
FREEMAIL_REPLYTO(1.00)[personal@gmail.com];
RCPT_COUNT_ONE(0.00)[1];
MID_RHS_MATCH_FROM(0.00)[]
Reading this line by line: authentication passes (negative weights), but two positive symbols (HTML_SHORT_LINK_IMG_1 at 2.0 and FREEMAIL_REPLYTO at 1.0) push the final score to 2.10 — still below the 6.0 spam threshold, but close enough that one more hit would tip it. Action: drop the free-mail Reply-To and add real text content.
Fixes for the common symbols
Almost every Rspamd symbol that hits an honest sender maps to a known fix. The pattern: authentication, content, reputation.
- Authentication symbols (R_SPF_*, R_DKIM_*, DMARC_*) — fix the DNS first. Nothing else matters until these are clean.
- Content symbols (HTML_*, MIME_*, SUBJ_*) — rewrite the message. Multipart with real text, sentence-case subjects, balanced text-to-image ratio.
- Reputation symbols (RBL_*, URIBL_*, FUZZY_*) — list hygiene and domain reputation. These are the hardest to fix and take weeks.
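To make the reading of the sample header and the authentication/content/reputation triage concrete, here is an added example (not code from Rspamd or from the check service) that parses an X-Spamd-Result value, maps the score to the default actions quoted above, and ranks the positive symbols by fix category. The function names are hypothetical, the thresholds are the article's quoted defaults, and the header is abridged from the sample above.

```python
import re

# Default action thresholds as quoted in this article; receivers can change them.
THRESHOLDS = [(15.0, "reject"), (6.0, "add_header"), (4.0, "greylist")]

# Symbol prefix -> fix category, following the article's three-way split.
# SURBL_ is grouped with reputation here because it is a URL blacklist hit.
CATEGORIES = {
    "authentication": ("R_SPF_", "R_DKIM_", "DMARC_"),
    "content": ("HTML_", "MIME_", "SUBJ_"),
    "reputation": ("RBL_", "URIBL_", "SURBL_", "FUZZY_"),
}

SCORE_RE = re.compile(r"\[\s*(-?\d+(?:\.\d+)?)\s*/\s*(-?\d+(?:\.\d+)?)\s*\]")
SYMBOL_RE = re.compile(r"([A-Z][A-Z0-9_]*)\((-?\d+(?:\.\d+)?)\)\[([^\]]*)\]")

def categorize(symbol):
    return next((c for c, p in CATEGORIES.items() if symbol.startswith(p)), "other")

def action_for(score):
    return next((a for limit, a in THRESHOLDS if score >= limit), "no action")

def triage(header):
    """Parse an X-Spamd-Result value; return score, action and positive symbols."""
    m = SCORE_RE.search(header)
    if m is None:
        raise ValueError("no '[score / threshold]' field found")
    score = float(m.group(1))
    hits = [(name, float(w)) for name, w, _opts in SYMBOL_RE.findall(header)]
    # Only positive weights push toward spam; list the heaviest first.
    offenders = sorted((h for h in hits if h[1] > 0), key=lambda h: -h[1])
    return {
        "score": score,
        "action": action_for(score),
        "headroom": round(6.0 - score, 2),  # points left before add_header
        "offenders": [(n, w, categorize(n)) for n, w in offenders],
    }

# Header abridged from the sample shown earlier in the article.
SAMPLE = (
    "X-Spamd-Result: default: False [2.10 / 15.00]; R_SPF_ALLOW(-0.20)[+ip4:203.0.113.0/24]; "
    "DKIM_SIGNED(0.00)[yourbrand.com:s=s1]; DMARC_POLICY_ALLOW(-0.50)[yourbrand.com,reject]; "
    "HTML_SHORT_LINK_IMG_1(2.00)[]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; "
    "FREEMAIL_REPLYTO(1.00)[personal@gmail.com]; RCPT_COUNT_ONE(0.00)[1]"
)

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Symbols that fall outside the three prefix groups, such as FREEMAIL_REPLYTO, are reported as "other" so they still appear in the ranked list.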
Free Rspamd score check
The inbox placement test at check.live-direct-marketing.online runs a full Rspamd scoring pass on every test message. You get the same symbol list a receiving Rspamd would emit, with weights and fix suggestions. No signup. No daily limit. The check runs the current Rspamd stable with default rule weights, which is what most self-hosted and managed providers ship with.
How it integrates with an inbox placement test
Rspamd scoring is one signal among many. A complete inbox placement workflow runs in parallel: send to 20+ seed mailboxes, capture screenshots, record folder placement, parse Authentication-Results, score the content through Rspamd and SpamAssassin, scan all links and the sending IP through DNSBLs, check DNS health. The Rspamd view then sits alongside the per-provider placement table, so you can correlate "Outlook landed in Junk" with "Rspamd scored 6.3 because of URIBL_BLACK on our tracking domain."