Summary
SpamAssassin gives positive scores for DMARC reject (when authentication fails), MIME_NO_TEXT (missing plain text version), and LONG_INVISIBLE_TEXT (hidden text) because these characteristics are commonly found in spam emails. DMARC_REJECT is triggered when an email declares a 'reject' policy but fails SPF/DKIM checks, suggesting potential spoofing. MIME_NO_TEXT occurs because spammers often omit plain text to avoid text-based filters. LONG_INVISIBLE_TEXT identifies hidden text, a tactic used to manipulate indexing or hide links. While individual rule scores may be low, SpamAssassin's cumulative scoring means these factors, combined with others, can lead to a spam classification. Misconfigured DNS records, custom rulesets, and incorrect MIME structures can also contribute. Avoiding these practices and ensuring proper authentication are crucial for deliverability.
Key findings
- DMARC Reject as Indicator: A positive score for DMARC reject often signifies a failed authentication, hinting at potential email spoofing or unauthorized sending.
- Missing Plain Text as Spam Signal: The absence of a plain text version in MIME emails (MIME_NO_TEXT) is a common characteristic of spam, as spammers aim to avoid text-based filters.
- Hidden Text as Deceptive Technique: Excessive hidden text (LONG_INVISIBLE_TEXT) is recognized as a technique used by spammers to manipulate search engine indexing and/or conceal malicious links from users.
- Cumulative Scoring Impacts Deliverability: While individual SpamAssassin rules may have low scores, the cumulative effect of these scores, combined with other factors, can significantly impact email deliverability.
- Custom Rulesets May Vary: Individual SpamAssassin installations might use custom rulesets (e.g., KAM_ rules) with varying weights and behaviors, affecting overall scoring.
Key considerations
- Implement Proper Authentication: Ensure SPF and DKIM are correctly configured and validated to prevent DMARC reject-related issues.
- Include Plain Text Versions: Always include a plain text version alongside HTML emails to improve deliverability and avoid MIME_NO_TEXT flags.
- Avoid Hiding Content: Refrain from using techniques to hide text or links from users (small fonts, CSS display:none), as this triggers SpamAssassin's LONG_INVISIBLE_TEXT rule.
- Validate MIME Structure: Ensure the email's MIME structure is valid and complete, with correct headers and encoding, to prevent issues related to MIME_NO_TEXT.
- Review Custom Rules: If using a custom SpamAssassin setup, review the configuration and scoring weights to understand how specific rules affect deliverability.
What email marketers say
12 marketer opinions
SpamAssassin assigns positive scores for DMARC reject, MIME_NO_TEXT, and LONG_INVISIBLE_TEXT based on factors indicating potential spam. A positive score for DMARC_REJECT can occur when emails fail authentication (SPF, DKIM) despite a 'reject' policy, suggesting a potential forgery. MIME_NO_TEXT flags emails lacking a plain text version, which is a spam indicator and a deliverability best practice. LONG_INVISIBLE_TEXT identifies hidden text (small fonts, CSS hiding) used to manipulate content visibility. These scores are cumulative, and even low individual scores can lead to a spam classification when combined with other factors. Proper authentication, valid MIME structures, and avoiding hidden text are crucial for avoiding spam filters.
Key opinions
- DMARC Reject Scoring: SpamAssassin assigns positive scores to emails that fail authentication (SPF, DKIM) despite having a DMARC reject policy, as this indicates a potential spoofing attempt.
- MIME_NO_TEXT Issue: The MIME_NO_TEXT rule is triggered when emails lack a plain text version, a factor that contributes to spam classification.
- Hidden Text Detection: LONG_INVISIBLE_TEXT detects hidden text using CSS or small fonts, a common tactic employed by spammers to conceal content.
- Cumulative Scoring: SpamAssassin utilizes a cumulative scoring system, meaning low scores for individual rules can combine to push an email into the spam folder.
Key considerations
- Authentication: Ensure proper email authentication setup (SPF, DKIM) to prevent DMARC_REJECT issues.
- Plain Text Versions: Include a plain text version of your emails to avoid MIME_NO_TEXT flags and enhance compatibility.
- Avoid Hidden Text: Refrain from using CSS or small fonts to hide text, as this triggers LONG_INVISIBLE_TEXT and reduces deliverability.
- MIME Structure: Verify the MIME structure of your emails is correct and complete, including proper headers and encoding.
Marketer view
Email marketer from Reddit explains that SpamAssassin scoring is cumulative. Even if the individual score for DMARC_REJECT is low, if combined with other factors like missing plain text or hidden text, it can push the overall score into spam territory.
23 Mar 2023 - Reddit
Marketer view
Email marketer from Email Marketing Forum suggests MIME_NO_TEXT can be triggered if the MIME structure is incorrect or incomplete. Ensure proper MIME headers and the correct encoding are used to avoid this issue.
17 Feb 2022 - Email Marketing Forum
What the experts say
4 expert opinions
SpamAssassin's positive scoring for DMARC reject, and issues like invisible text, arises from identifying patterns indicative of spam or malicious activity. The default DMARC_REJECT score might be minimal, primarily to register the occurrence, but custom rulesets can adjust the weighting. Invisible content, achieved through techniques like small fonts or CSS hiding, is penalized for its deceptive intent. Ultimately, SpamAssassin aims to flag emails exhibiting characteristics commonly found in spam, even if individual rules seem counterintuitive when viewed in isolation.
Key opinions
- DMARC_REJECT Basic Score: The base DMARC_REJECT score is minimal, acting more as a log entry.
- Custom Scoring Variations: Custom SpamAssassin rulesets may alter DMARC_REJECT scoring based on specific configurations.
- Intent-Based Scoring: SpamAssassin identifies characteristics commonly used in spam, and penalizes practices that hide content or mislead recipients.
- Pattern Identification: The system focuses on identifying patterns and characteristics associated with spam, rather than individual rule violations in isolation.
Key considerations
- Review Custom Rules: Check custom SpamAssassin rulesets for potentially altered DMARC_REJECT scoring.
- Avoid Deceptive Practices: Refrain from using techniques to hide or obscure content, as this raises red flags.
- Consider Overall Spam Score: Understand that individual rule scores are assessed in the context of the overall SpamAssassin score.
Expert view
Expert and Email marketer from Email Geeks discuss DMARC_REJECT rules in SpamAssassin. Steve clarifies DMARC_REJECT is a standard rule in SpamAssassin, whereas Crystal indicates her host uses a custom set potentially overriding the standard rules with a KAM_ prefixed version from McGrail Foundation. Steve suggests the custom rules may have different weighting or simply be included in the custom set, but the behavior sounds identical.
14 Jun 2025 - Email Geeks
Expert view
Expert from Spamresource.com explains that SpamAssassin's scoring system is designed to identify characteristics commonly associated with spam. Even if a particular rule seems counterintuitive (like DMARC reject getting a positive score), it's because the rule is intended to identify potential abuse patterns when combined with other indicators.
11 Oct 2024 - Spamresource.com
What the documentation says
4 technical articles
SpamAssassin assigns positive scores to emails matching patterns common in spam. DMARC_REJECT triggers when an email with a DMARC 'reject' policy fails authentication, suggesting potential forgery. MIME_NO_TEXT flags missing plain text versions, common in spam to evade filters. LONG_INVISIBLE_TEXT detects hidden text used to manipulate indexing or hide links. While individual rule scores might be low, they contribute to an overall spam score.
Key findings
- DMARC_REJECT Rationale: DMARC_REJECT indicates a potential forgery attempt when an email fails authentication despite having a 'reject' policy.
- MIME_NO_TEXT Rationale: MIME_NO_TEXT identifies emails lacking plain text versions, a common tactic among spammers to evade text-based filtering.
- LONG_INVISIBLE_TEXT Rationale: LONG_INVISIBLE_TEXT identifies hidden text, a tactic used by spammers to manipulate search engine indexing and hide unwanted links.
- Cumulative Scoring Effect: SpamAssassin's overall spam score is the result of combining many individual rule scores.
Key considerations
- Authentication Is Critical: Enforce proper email authentication (SPF, DKIM) to prevent triggering the DMARC_REJECT rule.
- Provide Plain Text Alternatives: Ensure emails have a plain text version for compatibility and to avoid MIME_NO_TEXT flags.
- Avoid Hiding Text: Refrain from using hidden text via font sizes or CSS to evade LONG_INVISIBLE_TEXT penalties.
Technical article
Documentation from Apache SpamAssassin Wiki explains that the DMARC_REJECT rule is triggered when an email has a DMARC policy of reject but fails authentication checks like DKIM or SPF. A positive score is assigned because the sender is explicitly telling the recipient to reject unauthenticated mail, and the fact that it's being evaluated means it might be a forgery attempt.
24 Dec 2024 - Apache SpamAssassin Wiki
Technical article
Documentation from MailChannels explains SpamAssassin assigns scores based on a variety of rules, with higher scores indicating a higher likelihood of being spam. While a single rule like DMARC_REJECT may have a low score, it contributes to the overall score which determines if an email is flagged as spam.
17 Sep 2021 - MailChannels
Are spam trigger word lists accurate and should I be concerned about them?
How do DMARC policies and RUA/RUF settings inherit or override each other between a domain and its subdomains?
How do DMARC quarantine and reject policies affect sender reputation and email delivery?
How do SpamAssassin HTML_IMAGE_RATIO scores affect email deliverability and how to diagnose outlook 365 spam issues?
What are spam trigger words and how do they impact email deliverability?
What DMARC policy settings are required for BIMI and how do I determine the best setting for sp=?
