What signals do filters analyze (header, content, behavior)?

Still have a question, spotted an error, or have a better explanation or a source we should cite?

Every time you send an email, a filter runs it through a checklist you never see. That checklist falls into three categories: what the headers say, what the content looks like, and how recipients have treated mail from you before. Get any one of these badly wrong, and the other two can't save you.

Headers: the technical handshake

Header analysis is where filters start. They check whether your SPF, DKIM, and DMARC records all pass and align. They look at whether the sending IP matches the declared domain, and whether the From address matches what those authentication checks cover. Forged or inconsistent headers are immediate red flags. So are missing authentication records, mismatched timestamps, and unusual routing through unexpected servers.

A common failure here: your From address shows one domain but your SPF record only covers a different sending domain. Filters notice that mismatch even if you don't.

Content: what you're actually sending

Content analysis scans the message body for patterns that match known spam. That includes suspicious phrases ("you've been selected", "click here to claim"), excessive or mismatched links, URL reputation (a clean domain linking to a flagged one is still a problem), heavy image-to-text ratios, and attachment types that trigger security checks.

HTML quality matters more than most senders expect. Broken HTML, missing plain-text versions, or code that looks like it was exported from a word processor rather than written cleanly can all push a filter toward caution. Filters also compare your content against fingerprints of known spam campaigns. If your layout accidentally resembles a phishing template, that's a problem even if your intent is genuine.

Behavior: your reputation in action

But this is the category that surprises senders most. Filters track how real recipients respond to your mail. Opens, clicks, replies, and forwards all work in your favor. Deletions without opening, moves to spam, and unsubscribes all work against you. Actual spam reports carry the most weight.

Behavioral signals are weighted toward the recent. A clean track record from six months ago won't protect you from a bad campaign this week. Filters are asking: what are people doing with this sender's mail right now? If the answer is "ignoring it" or "reporting it", your deliverability will reflect that quickly.

The practical takeaway is this: headers are the floor (fix authentication first, there's no workaround), content is the walls (keep it clean, relevant, and technically sound), and behavior is the ceiling (the best content in the world won't help if your list doesn't care). You can use our free Email Header Analyzer to see exactly what filters see on the technical side. If you're not sure where your reputation stands, check your domain on our Blocklist Checker too.

Contributors

Who worked on this answer

Every name links to their profile. Every company links to their site. Real people, real accountability.

Ask an AI · tailored to your setup

Get a breakdown of your filter signals

I want to know what email filters check in each of these three areas: headers, content, and behavior. For each one, tell me: (1) the specific signals they analyze, (2) the most common failure modes for each, and (3) what I can actually fix as a sender. My sending domain is domain, my ESP is ESP name, and I'm sending describe email type. Rank the three categories by which matters most for my situation.

Edit the yellow boxes, then send to the AI of your choice.