Why would SpamAssassin give a positive score for a DMARC reject policy?

A DMARC policy of 'reject' (`p=reject`) on its own does not usually trigger a SpamAssassin positive score. However, if an email fails DMARC authentication (e.g., due to SPF or DKIM alignment issues) and the sending domain has a p=reject policy, SpamAssassin might assign a low positive score ( 0.001 ) to record that this condition occurred, especially if the email was not outright rejected by the receiving server despite the strict policy.

What does MIME_NO_TEXT mean in SpamAssassin?

The MIME_NO_TEXT rule triggers when an email consists solely of an HTML part and lacks a plain text alternative. While not always indicative of spam, providing both HTML and plain text versions is an email best practice for accessibility and compatibility across various email clients.

Why do I get a LONG_INVISIBLE_TEXT score even if I don't see any hidden text?

The LONG_INVISIBLE_TEXT rule flags emails containing a significant amount of text that is hidden from the recipient's view. This is typically achieved by matching the text color to the background color or using extremely small font sizes. Spammers use this tactic to embed keywords to trick content filters without impacting the visible message, hence it receives a positive (spam-increasing) score.

How can I troubleshoot these specific SpamAssassin scores?

You can troubleshoot these scores by obtaining the full SpamAssassin report, usually available through your email service provider or a third-party email testing tool. The report will detail which specific rules triggered and their assigned weights. For authentication issues, verify your SPF, DKIM, and DMARC configurations. For text-related issues, review your email's HTML and CSS for hidden elements or the absence of a plain text part.

Why does SpamAssassin give positive score for DMARC reject and MIME_NO_TEXT or LONG_INVISIBLE_TEXT? - Technical - Email deliverability - Knowledge base

When delving into email deliverability, SpamAssassin often surfaces as a key tool for evaluating email quality. It assigns scores to incoming emails, with positive scores generally indicating characteristics that resemble spam.

It can be perplexing, however, when you see SpamAssassin give positive scores for seemingly contradictory elements, such as a DMARC policy set to 'reject'. This policy is designed to actively block unauthenticated emails, which should, in theory, improve security and deliverability, not detract from it. Similarly, issues like MIME_NO_TEXT or LONG_INVISIBLE_TEXT, even when you believe your HTML content is clean, can raise red flags.

This article explores why these specific SpamAssassin rules might trigger positive scores, helping you understand the underlying logic and how to address them for improved email deliverability.

Suped DMARC monitoring

Free forever, no credit card required

Learn more

Trusted by teams securing millions of inboxes

How SpamAssassin assigns scores

SpamAssassin is a robust open-source spam filter that uses a variety of techniques to identify unsolicited commercial email. It works by assigning a score to each email based on hundreds of rules, which look for common spam characteristics. Each rule has a specific weight, and if the total score exceeds a certain threshold, the email is flagged as spam.

These rules can be static, based on common patterns, or dynamic, using a Bayesian filter that learns from user input. While negative scores reduce the overall spam score, positive scores increase it, pushing an email closer to being classified as spam. Understanding how SpamAssassin rules affect email deliverability is crucial for effective email campaigns.

The key to comprehending these scores lies in recognizing that not all positive scores are necessarily indicative of malicious intent from the sender. Sometimes, a low positive score, like 0.001, might simply be a record it happened score, indicating that a certain condition was met, not that it's inherently spammy. However, other rules with higher positive weights are direct flags for suspicious activity.

It is worth noting that SpamAssassin's rules are configurable, and some hosts might use custom rule sets, which can lead to unexpected scoring. For a general overview of its mechanisms, you can refer to SpamAssassin's scoring rules.

DMARC_REJECT: a closer look

DMARC is an email authentication protocol that helps protect against phishing and spoofing by aligning SPF and DKIM records with the 'From' domain. A DMARC policy of 'reject' (`p=reject`) is the strictest policy, instructing receiving mail servers to bounce emails that fail DMARC authentication.

So, why would SpamAssassin give a positive score (i.e., add spam points) for an email that originates from a domain with a p=reject policy? The key here isn't the policy itself, but what happens if the email fails DMARC authentication despite the domain having such a strict policy. If an email fails authentication but comes from a domain with p=reject, it signals a potential issue, either with the sender's configuration or a spoofing attempt that a lax receiver might not fully reject. You might experience this if legitimate email fails DMARC.

A common SpamAssassin rule is DMARC_REJECT. This rule typically triggers when an email fails DMARC authentication (e.g., SPF or DKIM alignment issues), and the sending domain has a p=reject policy. It's SpamAssassin noting that this email, despite coming from a domain that wants unauthenticated mail rejected, still made it through to the scanner. This could mean the receiving server isn't strictly enforcing the policy, or there's a misconfiguration in the sender's DMARC, SPF, or DKIM.

Understanding the DMARC Reject Policy

Microsoft and

Yahoo have recently tightened their sender requirements, emphasizing the need for proper DMARC enforcement. While a p=reject policy is ideal for security, some mail receivers might treat it as a p=quarantine policy, forwarding the email to spam rather than outright rejecting it. This behavior can sometimes lead to unexpected SpamAssassin scores if the email isn't completely bounced.

It is important to ensure your DMARC record is properly configured and that your emails are consistently passing SPF and DKIM. If you're seeing unexpected blocks, it might be due to your DMARC policy being interpreted differently than intended, or because of underlying authentication failures. For more specific details on SpamAssassin's internal rules, particularly those prefixed with 'KAM', you might need to consult resources like the McGrail Foundation downloads.

MIME_NO_TEXT and LONG_INVISIBLE_TEXT explained

SpamAssassin also flags emails based on their MIME (Multipurpose Internet Mail Extensions) structure and content presentation. Two common rules that often cause confusion are MIME_NO_TEXT and LONG_INVISIBLE_TEXT.

The MIME_NO_TEXT rule triggers when an email contains only an HTML part, without a plain text alternative. While modern email clients can display HTML, providing a plain text version is considered a best practice for accessibility and deliverability. Some spam filters see the absence of a plain text part as a potential indicator of spam, assuming that legitimate emails would typically include both. This is also important when considering how base64 encoding affects spam scores.

On the other hand, LONG_INVISIBLE_TEXT is a more direct indicator of a spammer's tactic. This rule identifies large amounts of text that are intentionally made invisible to the human eye, for example, by setting the font color to match the background color (e.g., white text on a white background) or using extremely small font sizes. Spammers often use this technique to embed keywords or evade spam filters, trying to trick content-based filters without affecting the visible message. SpamAssassin also has a specific rule, FONT_INVIS_MSGID, which tests for hidden text within the message ID.

Best practices for email content

Plain text version: Always include a plain text alternative for your HTML emails.
Readable text: Ensure all text is visible and legible, using contrasting colors and standard font sizes.
Clean HTML: Use semantic and well-structured HTML, avoiding excessive inline styling or obscure tags.

Practices to avoid in email content

HTML-only emails: Sending emails without a plain text part is a common flag.
Hidden text: Using font colors that match the background or tiny font sizes to hide content.
Keyword stuffing: Embedding irrelevant keywords, even if hidden, to try and boost perceived relevance.

Troubleshooting SpamAssassin scores

When facing unexpected positive SpamAssassin scores, thorough investigation is essential. The first step is to examine the full email headers and the SpamAssassin report, which usually details which rules were triggered and their corresponding scores. This can be done using a dedicated email deliverability testing tool that provides a detailed breakdown of the score.

For DMARC_REJECT, verify that your emails are consistently passing SPF and DKIM authentication. Use a DMARC record generator tool to ensure your DMARC record is correctly published and aligns with your sending practices. Remember that forwarding emails through certain gateways can sometimes disrupt authentication headers, leading to skewed results in testing tools like mail-tester.com.

For MIME_NO_TEXT, always ensure your email sending platform automatically generates a plain text version of your email. If it doesn't, you may need to manually create one. For LONG_INVISIBLE_TEXT, meticulously review your HTML and CSS for any hidden content or text where the color matches the background. This often requires checking font sizes, colors, and potential CSS overrides that might render text invisible.

In some cases, the positive score might be a minor flag that doesn't significantly impact your overall deliverability, especially if your domain reputation is strong and you avoid other spam triggers. However, consistently aiming for a clean SpamAssassin score is a fundamental aspect of maintaining excellent email deliverability and avoiding email blocklists (or blacklists).

Views from the trenches

Best practices

Always include both HTML and plain text parts in your emails to avoid MIME_NO_TEXT flags.

Ensure all text is clearly visible and readable, avoiding hidden content techniques.

Regularly check your DMARC, SPF, and DKIM configurations for proper alignment and validation.

Common pitfalls

Forgetting to include a plain text version, leading to 'MIME_NO_TEXT' flags.

Using invisible text (white on white, tiny fonts) to 'stuff' keywords, triggering 'LONG_INVISIBLE_TEXT'.

Overlooking authentication failures when a DMARC 'reject' policy is in place.

Expert tips

Use tools that can break down SpamAssassin scores to identify exact rule triggers and their weights.

Be aware that testing tools might process emails differently, affecting authentication scores.

Thoroughly review your email's raw source code for unexpected or hidden elements.

Expert view

Expert from Email Geeks says that the default DMARC_REJECT score for non-Bayesian scoring is typically very low, intended mainly to record that the event occurred.

June 6, 2024 - Email Geeks

Marketer view

Marketer from Email Geeks says that DMARC rules in SpamAssassin usually only assign points if an email fails underlying authentication checks, especially if it's not DKIM signed, and the DMARC policy is set to reject.

June 7, 2024 - Email Geeks

Key takeaways for email deliverability

Navigating SpamAssassin scores can feel like a complex puzzle, especially when rules like DMARC_REJECT, MIME_NO_TEXT, and LONG_INVISIBLE_TEXT appear counterintuitive. However, by understanding the nuanced logic behind these rules, you can effectively diagnose and resolve potential deliverability issues.

A positive score doesn't always signify spamming behavior, but rather indicates that a particular rule has been triggered. Focusing on proper email authentication, including robust DMARC implementation and consistent SPF and DKIM alignment, alongside clean and transparent email content, will help you achieve better inbox placement and avoid unnecessary spam flags. Continuous monitoring and testing remain key to successful email programs.