Start trial
PricingContact Us
Log InStart For Free

product-lEd growth

How do spam filters work?

Published August 5th, 2022

Maybe you’re building email notifications into your product-led onboarding sequence. Or you’re getting ready to send out this year’s Black Friday sale announcement. Regardless of what you’re sending, you need them to get through to their recipients — otherwise, those emails are just wasted opportunities. So how do you bypass those nasty spam filters gatekeepers?

John Rau

Marketing Manager at TinyMCE

Before we get into the details of spam filters, let’s take a step back. Email isn’t really all that different from snail mail, is it? Spot the similarities:

  • Once you send it, there’s no undo button
  • It’s up to a network of systems and processes to get it to its destination
  • It’s hard to track where your message is, or if it even arrived
  • If people don’t like what they receive, they either bin it or start to complain

The biggest similarity is that once it’s sent, the message is out of your hands and you just have to hope it arrives at its destination.

That’s where spam filters step into the mix. They look at your email, who you are as a sender, overlay that with behavioral patterns, and if something smells fishy, they block your email from ever reaching its recipient.

What is a spam filter?

Spam filters are algorithms that detect unsolicited, undesired or infected emails, and block those messages from reaching inboxes. There are a variety of spam filters, with detection capabilities ranging from basic pattern matching, all the way through to machine learning.

Spam filters do a lot of work. And much of it is complex, confusing and constantly changing. With the pressure to keep viruses out and determine what’s unsolicited vs solicited, it’s no wonder they sometimes don’t get everything right.

Don’t worry though, there’s lots you can do to ensure you’re playing by the rules and feeding spam filters the information they need, to make an informed decision about your email. More on the steps you can take later.

There are three main types of spam filters: Email service provider, third-party and desktop.


Created in conjunction with HubSpot, this checklist takes the guesswork out of knowing how to avoid even the toughest spam filters

How to bypass the toughest spam filters: the ultimate checklist

1. Email service provider spam filters

These are the spam filters you’re likely using without even knowing. Email service providers are the cloud based services that most people use to send, receive and organize their emails. Think Gmail, Yahoo Mail, Office 365 and Hotmail (yes, Hotmail is still a thing!).

While you may think of those names being mainly used by individuals, many of them offer services packaged for companies to use — en masse with their employees — with one popular service being Google Workspace.

These email service providers have their own built-in spam filters with advanced algorithms that look for the latest spam patterns and apply machine learning (ML) to evaluate a sender’s trust and the message’s inbox-worthiness.

2. Third-party spam filters

Third party spam filters are additional layers of spam protection that companies add to their email system (whether it’s onsite or hosted in the cloud). They work hand-in-hand with the company’s email infrastructure to provide a higher degree of fine-tuning, with the ability, for example, to choose between aggressive anti-spam measures (letting fewer emails in), and looser measures (letting more emails in).

Companies that employ third party spam filters also benefit from more robust reporting and analytics so they can better understand email and spam activity within the company. This can be useful for proactively thwarting targeted phishing attacks against a company.

3. Desktop spam filters

Desktop spam filters are pieces of software that you purchase and install on your computer. They monitor messages once they make it past your email service provider’s spam filters and add an extra layer of protection. The level of protection can be configured to specifically suit your spam tolerance and tastes. As the filters built into email service providers become more and more sophisticated, desktop spam filters have become less popular.

Types of spam

Generally speaking, most spam messages can be bucketed into one or more of the following categories:

Marketing / Ads

This is one of the most common types of spam, and its objective is quite straightforward — to get you to buy something. It could be anything from weight loss pills to viagra. And it could be genuine or a scam.


This is where someone pretends to be someone else, and they’re often trying to use their assumed position of authority (eg. your CEO) to get you to take some sort of action, for example wire them some money or purchase gift cards online.

Money scams

We’ve all heard of this one before. A prince in a far-off land has come across a long-lost treasure but just needs your banking information to help wire the money through to his heirs, in exchange for a health sum he promises you. This is any sort of email scam that attempts to get money from you.

Malware warnings

This is where the recipient gets an email saying that their computer has been infected with a piece of malware. They just need to call a number or install a piece of software on their computer to fix the issue. Like the other types of spam, these are tricks to lure people into taking some sort of action, which often results in a monetary or information gain for the perpetrator.

How is spam detected?

In the early days, spam filters used fairly basic detection methods, mainly looking for keywords and phrases that were known to be used by spammers, and filtering out emails that contained those phrases.

As spam filters evolved, so did the spammers. They caught onto the basic keyword and phrase detection, and became more sophisticated with how they constructed their emails.

At the same time, email service providers were looking for ways to tell the difference between trusted senders (those who play by the rules), and offenders. Authentication mechanisms called SPF (Sender Policy Framework), DKIM (Domain Keys Identified Mail) signing and sender scores were introduced as ways to verify the authenticity and reputation of senders, in addition to looking at the email contents.

There are now three main areas that spam filters look at:

  • The contents of the email
  • The legitimacy of the sender
  • Engagement with the email and sender

In recent years, email providers have taken their spam filters to new levels, layering on behavioral data and machine learning to track which emails and senders result in high engagement from users, and which don’t.

The reasoning behind this is fairly straightforward. Gmail, for example, processes millions, if not billions of emails every day. Chances are if a marketing email is being sent to thousands of recipients, at least several hundred of them are using Gmail.

Get started with TinyMCE for Email

Start building using our Email editor starter config and a free 14-day trial.

Or see a demo and talk to an expert

Explore TinyMCE for Email

Hypothetical Gmail example:

If 600 copies of the same email arrive in Gmail inboxes, Gmail can track whether the first 20 recipients open the email, delete it, mark it as spam, or click a link. If Gmail users are happily engaging with that email — opening it and clicking around — it will continue to let the emails into its other users’ mailboxes.

If the email is being deleted by those first several users without being opened, Gmail may consider marking it as spam in the rest of the users’ accounts.

Taking things to the next level, if Gmail detects a lack of behavior among users with emails from a particular sender, they may degrade that sender in their spam system.

All of this is automatically done by Gmail in service of their users — to provide the best email experience possible.

Of course, nobody except the team at Gmail knows exactly how that process works, but it’s an example of using data from the masses of emails to determine its spamminess. If there’s one takeaway from all this, it’s that you should only send emails that your users are interested in and want to engage with. Otherwise, it’s a waste of effort and can degrade the reputation score of your email address.

What is “flagging an email as spam”?

Flagging an email as spam is a popular (and direct) way recipients raise their hands and say “I don’t want this email!”

When they do this, any of the following actions occur, depending on the mail service provider:

  • The email may be moved to the spam folder for other users of the email service
  • The sender’s reputation score can decrease
  • The email service may ignore future emails from the sender
  • An automated complaint may be sent to the sender
  • The email sender may suffer penalties or restrictions from their email marketing provider

Usually if just one or two people flag an email as spam, nothing major happens. But when several flag an email, the email service provider is likely to take some sort of action.

How do I check if my email goes to spam?

While it’s very hard (near impossible) to tell if your emails are going to spam folders since email service providers do not generally report back the automated actions they take against your email, there are a few tricks that can give you a good sense if your emails are going to spam:

Check your spam complaint rate in your email sending tool. If the rate is above 0.1%, that means that more than 1 in 1,000 recipients are reporting your email as spam. If they’re reporting it as spam, there is a possibility that spam filters may also be moving it to the spam folder automatically.

Do a test! Sign up for a few popular email services (like the ones listed earlier) and send a few test emails to them. Check if the emails get through the filter or go straight to spam.

Check your sender score. If your score is 80 or above and you’re sending helpful, interesting emails, you’re not likely getting caught in spam filters.

Test an email. Run your email through the free Mail Tester tool to get a glimpse into how popular spam filters might rate it. This is also very helpful for identifying structural issues in your email.


Created in conjunction with HubSpot, this checklist takes the guesswork out of knowing how to avoid even the toughest spam filters

How to bypass the toughest spam filters: the ultimate checklist

Anti-spam techniques checklist

While most of these techniques talk about preventing spam in your inbox, what about making sure your legitimate emails get through to their intended recipients? We’ve got your back with an ultimate checklist.

In a collaboration with HubSpot, we’ve created the be-all-to-end-all checklist: How to bypass the toughest spam filters. It walks you through the steps you need to take to stack the odds in your email’s favor, across five areas:

  • Setting up your infrastructure
  • Sending to the right people
  • Creating emails that engage
  • Testing obsessively
  • Monitoring metrics and patterns

In addition, it contains lots of bonus resources and helpful links that you can use to check, measure and improve your emails. By using the checklist as your guide, you can feel sure that your emails aren’t falling on deaf ears, and they’ll yield the results you’ve planned.

Bypassing spam email filters

Spam filters are a complex area to navigate. However it’s worth the effort, to ensure that your email campaigns successfully get to your intended recipients.

By knowing how spam filters work, and having the tools (don’t forget our spam checklist 😉) to help your email get past them, you’re in a much better place to get the ROI you expected from the onboarding or Black Friday sale sequence you’re sending.

Now you need to get through the next gatekeeper — your customer’s wallet!


John Rau

Marketing Manager at Tiny

A former developer, John works on the Marketing team at Tiny. When he's not spreading the word about TinyMCE, he enjoys taking things apart and *trying* to put them back together (including his house and anything else that looks interesting).

Related Articles

  • Product-Led GrowthApr 23rd, 2024

    CRM history, market and future: the essentials

Join 100,000+ developers who get regular tips & updates from the Tiny team.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Tiny logo

Stay Connected

SOC2 compliance badge


© Copyright 2024 Tiny Technologies Inc.

TinyMCE® and Tiny® are registered trademarks of Tiny Technologies, Inc.