Spam trigger words 2026: which still matter and which are myths

Every cold-email blog still recycles the same list of 400 spam trigger words. "Don't say free." "Don't say guarantee." "Don't say click here." The lists are mostly correct for SpamAssassin in 2008. They are largely irrelevant for Gmail, Outlook and Yahoo in 2026, where the scoring model is dominated by sender reputation, engagement history and link-domain quality. A single word almost never decides inbox vs spam.

Why the old word lists are obsolete

The classic SpamAssassin rules — BODY_8BITS,FREE_PRICE, EXCESS_PUNCT — are still in the source tree, but each one contributes a fraction of a point. SpamAssassin's default threshold is 5.0. A single word rule adds 0.1–0.3. You would have to stack 20 trigger words to get flagged on vocabulary alone, and modern filters have long since moved past that scoring model.

Gmail uses a deep-learning model trained on actual user behaviour. The training signal is whether real recipients hit the spam button, archived without reading, replied, or moved between folders. Word vocabulary is one feature among hundreds, and a weak one. A message from a sender with high engagement can say "FREE TRIAL" in the subject and still inbox. A message from a cold sender with no reputation can say nothing of the sort and still go to spam.

Outlook is similar — SmartScreen has been retired, and the replacement uses ML on engagement and authentication signals. Yahoo, AOL and Mail.ru all run their own ML filters with the same general weighting.

Words that still flag (in combination)

A handful of vocabulary patterns still measurably hurt. None of them are decisive on their own. They become problems when they co-occur with weak authentication, cold sender, or low-reputation link domains:

• Adult / pharma vocabulary. "Viagra", "cialis", "adult dating", explicit anatomy. Hard-coded category penalties survive across every filter.
• Financial scam vocabulary. "Inheritance", "Nigerian prince", "wire transfer urgent", "congratulations you have won". Pattern-matched, not word-by-word.
• Crypto pump phrases. "100x guaranteed", "moon shot token", "exclusive presale". Added to ML training sets aggressively in 2022–2024.
• Excessive urgency stacks. "ACT NOW" + "LIMITED TIME" + "LAST CHANCE" in one message reads as classic mass-marketing template. Each phrase alone is fine.
• Impersonation patterns. "Your account has been suspended", "verify your password", fake shipping notices. These trigger phishing-class scoring, which is much heavier than spam-class.

Myths: words that no longer matter on their own

We tested ~250 commonly-cited "trigger words" in a controlled environment with seed mailboxes across Gmail, Outlook, Yahoo, GMX and Mail.ru, sending from authenticated domains with established reputation. Words that produced zero measurable change in placement:

• Free, free trial, free shipping, free quote
• Guarantee, guaranteed, money-back
• Click here, click below, click to learn more
• Save, discount, sale, % off, bonus
• Buy now, order now, shop now
• Open, opens (yes, the word "open")
• Cash, dollars, $, prices in subject line
• Risk-free, no obligation, no cost
• Order today, hurry, fast
• You, your (no, second person is not a trigger)

Every one of those landed in primary inbox at Gmail when sent from a warm domain to engaged recipients. The opposite test — sending the most innocent possible copy from a cold domain with no SPF — went to spam every time.

Punctuation, caps and formatting

These do still matter, more than vocabulary:

• ALL CAPS subject lines. Modest penalty across all filters. ALL CAPS in body text — bigger penalty.
• Multiple exclamation marks. "!!!" or "????" — small penalty per occurrence, scales with count.
• Excessive emojis. One or two emojis are fine and can help engagement. Five+ in a subject line scores as marketing template.
• Hidden text / white-on-white. Heavy penalty. A decade-old trick filters catch instantly.
• Image-only emails. Penalised because filters can't score the content; assumed to be hiding intent.

Link reputation matters more than link words

Calling a link "Click here" vs "Read the report" moves the spam score by essentially zero. The domain you link to moves it by a lot. A link to a fresh, just-registered domain on a residential IP scores worse than the same anchor text linking to a 10-year-old established domain.

Filters check every link against URIBL, SURBL and Spamhaus DBL. A single bad link sends the whole message to spam regardless of how clean the rest of the copy is. If you use shorteners (bit.ly, t.co, tinyurl), you inherit the shortener's reputation — which has been dragged down by years of abuse.

How to actually test what affects your placement

Real testing methodology, not Pinterest copy advice:

1. Send the same message from the same domain to a seed-mailbox set across 15+ providers. Record placements.
2. Change one variable. Send again 24 hours later. Record.
3. Repeat for each variable you want to test (subject vocabulary, link count, image ratio, etc.).
4. Always test on warmed and cold domains in parallel — many findings only show up on cold domains where the reputation floor is low.
5. Discard tests where authentication or DNS state changed between runs.

After ~30 controlled tests you'll have your own ranked list of what affects placement for your specific sending pattern. This list is far more useful than any general "avoid these words" article.

Practical copywriting rules for 2026

• Write like a human, not like a marketing template.
• Match subject to body — "quick question" followed by a 2,000-word landing page is dishonest signal.
• One CTA per email. Multiple CTAs read as broadcast.
• Keep total link count under 5 for cold outreach.
• Personalize meaningfully — first-name only is detectable as mail-merge.
• Plain-text alternative version is mandatory.
• Don't agonise over individual words. Your copy editor is not your spam-filter consultant.

Frequently asked questions