What signals do spam filters look at?

Spam filters examine signals across four main categories: authentication, reputation, content, and behavior. Each category contributes to the final filtering decision.

Authentication signals include SPF, DKIM, and DMARC results. Filters check whether the sending server is authorized, whether the cryptographic signature is valid, and whether the domain alignment passes. Failed authentication is a major red flag.

Reputation signals cover the sending IP address, the domain, and any URLs embedded in the message. Filters query blocklists like Spamhaus and maintain internal reputation databases built from past behavior.

Content signals include header structure, subject line patterns, HTML quality, text to image ratios, and the presence of suspicious phrases or links. Behavioral signals track how recipients interact with mail from that sender, including opens, clicks, replies, deletions, and spam complaints.

Every signal is a data point on the chart. Filters navigate by combining them all to plot the safest course for each message.