14-day Cloud trial
Start today. For free.

One editor. 50+ features. Zero constraints. After your trial, retain the advanced features.

Try Professional Plan for FREE
PricingContact Us
Log InGet Started Free

How to test emails for spam score via API

August 2nd, 2022

6 min read

Text "Hello {{first.name}}" as it might appear when creating a marketing email using tokens.

Written by

John Rau


How-to Use TinyMCE

Imagine for a moment, a street hawker in the 19th century. Now imagine how relieved they’d be if their daily work (shouting about their goods to passersby) was automated. 

Yes, the OG form of advertising continues… but instead of being on the streets, it’s in our inboxes. And it’s called spam.

With the advent of technology, spam has proliferated, and in turn, spam filters have ratcheted up their efforts to block unwanted messages. Many would now say that the biggest challenge is getting your messages to cut-through the white noise (and get around the spam filters) that are everywhere. 

So how do you get through the filters, if your message is worthwhile? By taking a look at your spam scores.

What are email spam scores?

Getting legitimate email delivered is a major challenge. There are 333 billion emails coming from mail servers every day, but 1 in 6 don’t even reach a mailbox. That is because the messages within the emails are rated by email checking code, and a score is returned. If that email spam score is too high, the message delivery stops right there and then.

To solve the problem, there’s a practical solution. What’s that? Check your email content spam score before sending.

This article explains a programmatic approach you can take, to test your emails for a spam score, with an API.

When should you check a spam score?

In most roles, a large amount of time goes into writing and sending ordinary emails. It’s part of the daily job. What if, instead, you’re building an app that sends emails – like an Email Marketing Tool, or Customer Relations Management software.

As part of that build, you may want to offer spam checking functionality within your app – to check them for any known, documented spam flags that exist, before the email message is sent.

Why check spam scores?

Email, just like the original 19th century printed versions of classic journals and newspapers, doesn’t allow for an easy method of redaction. In fact, once an email leaves the mail server, it’s gone. For good.

Therefore it’s important to check your emails are getting where you want, to the specific person you want to talk to, every time you hit ‘send’.

Despite its age, email marketing still remains one of the major avenues for marketing and promotion – it’s vital for nurturing, communication, and closing sales. There’s also measurement. Email marketing results are straightforward to measure,  so it’s worth protecting the flow of potential 1st-party data that you want to come  in and out of your business.

To make the entire process even easier, with an API checker, you can get a clear indication (via a number or rank) of how likely it is that your email will reach your customer. Spam checking with an API can help you quickly get feedback on your email content, you can then adjust the content to increase the likelihood of it reaching its recipient and get your message out there.

API spam checking with Postmark and Apache SpamAssassin

The API spam checking capabilities explained in the following paragraphs, use the free API provided by Postmark. The API runs email content, such as the subject and body, against the Apache SpamAssassin platform, and returns a score that indicates how likely your email will pass filters and arrive in your customer’s inbox.

How the API spam checking works

Postmark’s API gives you a spam score, as well as detailed results, that your customers can then consult. They can then make an informed decision on sending their email message, or modifying it before sending.

The following example uses a few other software items:

  1. Node.js (a popular application framework) – check on our guide for more information if you’re looking to send your emails with a Node.js client
  2. Axios – an HTTP client for Node.js and browsers
  3. Nodemailer – an email composition and sending tool

Note: This example could apply to your own tech stack if you’re building an email app, or adding email management to your CRM, provided your stack can compose emails and perform HTTP POST requests.

There are a few considerations before getting started: 

  • Other factors beyond spam analysis affect whether an email makes it to a customer.
  • This tutorial doesn’t include Sender Score improvement and change information, both of which are beyond its scope.
  • A high PostMark API score is not a guarantee of emails arriving, being opened or being read. It does, however, give a good indication of email arrival chances.
  • The PostMark API is a free service, and comes with no guarantees. There are other paid services out there that come with uptime guarantees and support.
  • For more information, check on the TinyMCE guide on getting past email spam filtering.

How to set up testing for email spam scores using TinyMCE


What you’ll need to set up your email spam score testing:

  • Node.js installed and running on your local development machine
  • Node Package Manager (npm) set up
  • A text editor 
  • Entry level JavaScript knowledge
  • Postmark API
  • Apache SpamAssasin

API spam score testing setup using Postmark API

  1. Create a new project folder, and change into it:
mkdir node-spam-test

cd node-spam-test
  1. Initialize the project with the npm command, and press enter to select the default settings:

npm init
package name: (spam-test) 
version: (1.0.0) 
entry point: (index.js) 
test command: 
git repository: 
license: (ISC) 
About to write to /Your/directory/pathway/
  "name": "spam-test",
  "version": "1.0.0",
  "description": "",
  "main": "index.js",
  "scripts": {
    "test": "echo \"Error: no test specified\" && exit 1"
  "author": "",
  "license": "ISC"

Is this OK? (yes) 

  1. Install the project dependencies with npm commands:

npm install axios nodemailer
  1. Open your text editor, and create a file called “test-spam.js”. Save the file in your node-spam-test folder

Creating an email for testing spam score

The next step is to create the test message to actually check against Apachespamassassin. This involves adding JavaScript to the newly created test-spam.js file

  1. Open the file in your text editor of choice

  2. Set up constants that call to MailComposer and Axios

const MailComposer = require("nodemailer/lib/mail-composer");

const axios = require("axios");
  1. Set up the test message inside a variable named “message”

//Message built with MailComposer key and value pairs. This would be created by the email app in production

var message = {

  from: "sender@server.com",

  to: "receiver@sender.com",


  text: "Hey bro, DId you know you can she the pinds if you follow this one simple trick? Follow the link here to find out how!",

  html: "<p>Hey bro,</p><p>Did you know you can shed the pounds if you follow this one simple trick?</p><p>Just head over to our website and try our pill F R E E or wth a discout</p><p><a href='<a href=""></a>'>BUY NOW!</a></p>"


var mail = new MailComposer(message)
  1. Create a mail variable that will send the message contents on to postmark, and return the results:

// Compile the message, and post it to PostMark Spamcheck when ready

mail.compile().build(function (err, message) {

    .post("https://spamcheck.postmarkapp.com./filter", {
      email: message.toString(),

      options: "long",

    .then((res) => {
      // Interpret the results, and send back to the app


    .catch((error) => {
      //Catch any errors

  1. Save the changes, and then on the command line, run the JavaScript with the npm command.

The results will return in a JSON format directly into the command line window where you’re running the node command that in turn runs the test-spam.js file.

node text-spam.js

Explaining email API testing results

When the results return, you should see your spam score. The closer the overall score is to 10, the higher the spam rating, and less likely that your message will reach customers.

At the top of the report, you’ll see the overall score:

    success: true,
    score: '4.7',

You will then see a breakdown of the rules. These explain why your message received the spam score returned by Postmark. These results are returned as a series of JSON objects with “score” and “description” key and value pairs.

rules: [
      score: '0.8',
      description: 'BODY: Bayes spam probability is 40 to 60% [score: 0.4933]'
      score: '0.6',
      description: 'Subject line starts with Buy or Buying'
    { score: '1.5', description: 'Subject talks about losing pounds' },
    { score: '0.5', description: 'Subject is all capitals' },
      score: '-0.0',
      description: 'Informational: message was not relayed via SMTP'
    { score: '0.0', description: 'BODY: Lose Weight Spam' },
      score: '1.2',
      description: 'URI: Uses a numeric IP address in URL'
      score: '0.0',
      description: 'URI: Dotted-decimal IP address followed by CGI'
    { score: '0.0', description: 'BODY: HTML included in message' },
      score: '-0.0',
      description: 'Informational: message has no Received headers'

The last item is the report table. This shows the points assigned by each rule arranged alongside the description. It’s a useful summary in a table format.

report: ' pts rule                   description                                      
\n' +
    '---- ----------------------
--------------------------------------------------\n' +
    ' 0.8 BAYES_50               BODY: Bayes spam probability is 40 to 60% [score: \n' +
    '                            0.4933]                                           \n' +
    ' 0.6 SUBJ_BUY               Subject line starts with Buy or Buying            \n' +
    ' 1.5 SUBJECT_DIET           Subject talks about losing pounds                 \n' +
    ' 0.5 SUBJ_ALL_CAPS          Subject is all capitals                           \n' +
    '-0.0 NO_RELAYS              Informational: message was not relayed via SMTP   \n' +
    ' 0.0 DIET_1                 BODY: Lose Weight Spam                            \n' +
    ' 1.2 NUMERIC_HTTP_ADDR      URI: Uses a numeric IP address in URL             \n' +
    ' 0.0 IP_LINK_PLUS           URI: Dotted-decimal IP address followed by CGI    \n' +
    ' 0.0 HTML_MESSAGE           BODY: HTML included in message                    \n' +
    '-0.0 NO_RECEIVED            Informational: message has no Received headers    '

Wrapping up email spam checking with APIs

With your results available, the next steps could be: 

  • To capture the spam score
  • Display the score, using your Email marketing tool or CRM software. 

This information is valuable: APIs can quickly give you feedback on your email content, which you can then use to adjust your message, and increase the chances of communicating, nurturing, and closing a sale.

For more on Email tools and CRMs, and how to incorporate a reliable editing component into these solutions, you can check out TinyMCE’s email builder and CRM starter configs to build in the world’s most popular text editor into your email app.

Email MarketingAPIConfigurationUse Cases
byJohn Rau

A former developer, John works on the Marketing team at Tiny. When he's not spreading the word about TinyMCE, he enjoys taking things apart and *trying* to put them back together (including his house and anything else that looks interesting).

Related Articles

  • How-to Use TinyMCEApr 28th, 2022

    How to set up TinyMCE from the cloud

Join 100,000+ developers who get regular tips & updates from the Tiny team.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Tiny logo

Stay Connected

SOC2 compliance badge


© Copyright 2024 Tiny Technologies Inc.

TinyMCE® and Tiny® are registered trademarks of Tiny Technologies, Inc.