December 2, 2019

Deliverability 101: How do Email Spam Filters Work?

Reading time about 12 min

What stops your email campaigns from getting delivered? What’s considered as spam? And how does an email spam filter work anyway? This article takes a deep-dive into the journey of email and the various spam filters it encounters along the way.

If you’re an email marketer, you’ll know how important email deliverability is to the success of your campaigns. 

So, why is it important to know about email spam filters?

Understanding spam and how email spam filters work will give you a better chance at inbox placement. Because, let’s be honest, if your emails don’t make it to your contacts’ inbox, then you might as well not send any emails at all.

This knowledge will also come in handy when choosing an Email Service Provider (or ESP – that’s us by the way!). While there are some best practices a marketer should use to get past spam filters, a lot of the deliverability heavy lifting is done by the ESP. So naturally, you’d want to choose a good one.

What Is Spam? 

Before we can talk about spam filters, we have to understand spam itself. 

First came email. Then came spam. Then came spam filters. Then came email marketing service providers and inbox placement concerns.

Many people think that spam is equivalent to a scam. Scams can be many things, from the Nigerian Prince Scam to phishing emails posing as banks needing you to re-confirm your personal details, to advertisements for male enhancement pharmaceuticals. And email is just one of many forms – and perhaps the most common – that scams can take.

But while many scammers do send bucket loads of spam, spam and scams are two separate things.

Scam emails are malicious spam. But you don’t have to have nefarious intent to be a spammer.

What characteristics classify an email as spam?

The U.S. Federal Trade Commission defines spam as “unwanted commercial email” (UCE). And the Spamhaus Project, the biggest international nonprofit organization fighting spam, defines it as “unsolicited bulk email” (UBE). 

Although they differ slightly, what these definitions have in common is they stress that to be classified as spam, an email needs to meet two criteria:

  1. It is unwanted or unsolicited. This means the recipient did not ask to get this email.
  2. It is sent in bulk to many recipients (as opposed to just one or two). 

Many people will tell you that “spam is in the eye of the beholder” and “one person’s spam is another person’s ham.” That is absolutely correct.

A recipient defines what spam is, not the sender.

Occasionally recipients sign up for legitimate email marketing, and then they forget they signed up for it.

In that case, it’s, unfortunately, still a type of spam. It is unwanted. That’s why you always need to provide all recipients the option of unsubscribing from your list in every single email that you send. If a contact decides that your email is spam, they have a quick and easy way to stop receiving email from you.

As an email marketer, you don’t get to say if you’re sending spam or not, your contacts decide. Your best bet is to send bulk emails without spamming.

Why were email spam filters created? 

In the 1990s, the email industry was booming. The number of email users skyrocketed globally in the mid- to late-90s.

While everyone and their mothers were signing up for an email address, marketers began to go crazy over the potential of email marketing. But they weren’t all savvy enough to use consent-based marketing or opt-in marketing. 

Unsolicited emails flooded people’s inboxes, often causing them to overlook important messages and prevent all meaningful communication.

Naturally, people came up with ways to block these unwanted emails. And that is how anti-spam solutions were born.

With the advent of email filters came the idea of email deliverability, and the need for email service providers. Sending out messages in bulk usually signified to internet service providers (ISPs – like Gmail, Outlook, Yahoo, etc.) that you were a spammer. 

So email marketing services like Brevo were born: as a means to send legitimate permission-based email marketing campaigns.

Now that we’re all on the same page about what spam is and where the term came from, we’ll look at how ISPs keep out spam today.

The journey of an email: The spam filters it encounters

Despite its instantaneous nature, every single email you send has to complete a long journey from the sender to the recipient. 

It passes through multiple filters, which run authentication processes, as it travels through the internet from one server to the next.

In the case of email marketing, you are probably using an email service provider (ESP) like Brevo to send your email campaigns.

The email is passed to your ESP servers where the message transfer agent (MTA) does the work of sending the email out into the internet. From there it’s sent to servers owned by ISPs, also called inbox providers where it encounters anti-spam checks. 

Typically, when an email gets past spam filters, its journey goes a bit like this:

Step 1: Pressing send

You hit send and the message leaves the outbox.

Step 2: Leaving the MTA (Message Transfer Agent)

The message passes through the MTA’s outbound filters.

Before the message transfer agent (MTA) releases your email from your server or the ESP’s onto the internet, it must be checked by internal filters. If an ESP does not have internal filters set up to monitor and catch spam, then your ESP is not doing its job.

These internal checks ensure that no spammers are trying to make use of your ESP’s software and servers. Every ESP should run their own checks, and what constitutes those checks is usually proprietary and top secret.

Step 3: Traveling the internet

As tiny bits of data, the email passes from router to router on the internet where it gets mixed in with all the other billions of email messages sent around the globe every day.

Step 4: Getting through the gateway filter

The message is checked by your ISP’s gateway filter and either enters the server or is rejected.

This is the first email spam filter your message may encounter – an initial set of checks. If your email fails to pass the guards at this gate, it will not make it onto the ISP’s server.

This filter works on an SMTP basis, which stands for simple mail transfer protocol, and functions like a firewall for your email server.

It might decide to not let your message in for any number of reasons – e.g., a faulty/outdated recipient address or an overly large attachment. But other reputation reasons can come into play here, as well, such as a poor IP reputation or a blacklisting. (One way to quickly check your IP reputation for free is to figure out its sender score.)

The gateway filter also examines technical elements of the email’s header and any authentication it uses, such as DKIM, SPF, and DMARC. They prove to the ISP there is a good chance that your message is legitimate and it hasn’t been tampered with.

If your message does not pass the gateway filter, then it will be returned to you as a hard or soft bounce (key email metrics).

Another option that can occur in the gateway filter is graylisting. This is a spam protection mechanism wherein the message transfer agent (MTA) temporarily rejects all emails.

Step 5: Getting Sorted by Internal Spam Filters

The message passes through internal (hosted or on-premise) spam filters, which send it to the inbox, to the spam folder, (to a specific inbox tab) or reject it completely.

The email’s journey is not over yet. Everything covered up until here accounts for delivery rate.

But the last few steps of the journey before we get to inbox placement are still to come. There are more filters to pass. These internal filters can be either hosted or on-premise. These checks happen on the server or after the message is retrieved by a mail user agent (MUA).

Internal filters decide if a message lands in a spam folder or the regular inbox. A message can also be deleted or rejected at this point, too. This is also the place where a message can be sorted into various inbox tabs, such as Gmail has, promotional, social, etc. 

The complexity of internal spam filters

Note, too, that depending on how many layers of security make up a company’s anti-spam solution, it could also encounter more than one internal email filter here.

More specifically, this means that elements such as IP address reputation, blacklisting and sender reputation (this can include engagement metrics) play a role here, as well. Filters also scan content for suspicious links and wording.

There are many services offering hosted and on-premise spam filters, such as Spamhaus, SpamAssassin, Barracuda and Cloudmark, to name just a few. These filters have trade secrets for detecting spam, but they work with similar means as the gateway email filters, relying on the email’s header and content to give them information.

In B2B emailing, anti-spam solutions like those named above usually give companies control over how aggressively a spam filter behaves.

Most administrators choose a medium aggression level. Or they set the aggression to high and then have employees manually check the spam folder to save false positives.

Step 6: Passing Through the Black-Box Filter

Finally, you have the personal or black-box filters. These function at the inbox level and learn from a recipient’s previous choices. Here, the message either gets sorted into the inbox or into spam. 

They are almost always machine-learning filters, so they come to reflect their recipient’s preferences. They’re called black-box filters because no one outside your ISP can truly know what goes on inside them. Every recipient’s black-box filter will look different. It’s all up to the recipient.

If you haven’t opened a message from a newsletter for a while, your inbox might decide it’s spam, and start putting it there. If you “rescue” a sender from the spam filter, your spam filter will learn not to place it there again.

Step 7: Landing in the Inbox

The message has made it past the spam filters and arrived to its intended destination. Whether or not the recipient opens the message, however, is all up to you as a marketer!

There you have it – the typical journey of an email!

Every journey will, of course, be slightly different. Some smaller inbox providers might not even use a gateway filter. (Although that would be rare.)

How spam filters work: Techniques used

Spam filters look at a variety of factors to judge whether an email is spam. Most of these are technical (IP address source, authentication, domain address) and some of these are content-oriented (wording and URLs).

To get into the nitty-gritty of how spam filters work, here are some of the most common techniques:

Basic Spam Filter Techniques

  • Header filtering (also known as reputation filtering): ensures the email header has not been tampered with and is from a secure source
  • IP filtering: an important step of header filtering. This filters based on IP reputation. If an IP address is on a blacklist, this is where it is caught
  • Sender filtering: uses internal engagement metrics to decide if the sender is reliable
  • Content filtering: checks that the content of the email is not suspicious. 
  • Word filtering: checks that the content of the email does not follow any current or familiar scamming vocabulary. Note: This is what most people think of when they think of spam filters, but wording actually plays only a small role in the larger scheme of filtering
  • URL (domain) filtering: identifies links within the email message itself that are currently being used in widespread phishing campaigns, or that may be suspicious because they’ve been shortened

More Complex Spam Filter Techniques

  • Rule-based filtering: works with user-created rules to score emails according to statistical matching and content. SpamAssassin, which is an open-source filter, works in this way. The user sets specific thresholds for spam scores that define what is spam, what could be spam, and what isn’t spam. Emails with lower spam scores will always land in the inbox, but the user can decide how low they have to be to land in the inbox. The user can also set a middle value, for example, anything scoring above 5, which will then be delivered to the spam folder. Finally, the user usually also determines a high score, for example, emails rating above 10, that then should be rejected or deleted
  • Fingerprinting filtering: works with specific message identifiers that are compared to other messages with similar identifiers. The anti-spam provider CloudMark is known for developing this

The word filtering can be something of a misnomer because it is such a passive word. A spam filter does not work like a charcoal filter, put in place to passively strain out impurities. When it comes to email, filtering is an active process, involving many layers of checks and communication with other servers.

Deliverability: A top priority at Brevo

Now that you understand how spam filters work, you’ll feel more confident talking with potential ESPs about what they can do to ensure high deliverability for your email campaigns.

At Brevo, we take deliverability very seriously. We work hard to ensure the performance and reputation of our shared IPs. All emails are obliged to meet or exceed a set of baseline metrics to preserve our service quality for all Brevo customers.

Interested in Brevo? Open an account today and you can send up to 9,000 emails a month for free. You’ll also be able to carry out deliverability tests on your campaigns before sending them.

Ready to grow with Brevo?

Get the tools you need to reach your customers and grow your business.

Sign up free