Why does SpamAssassin give positive score for DMARC reject and MIME_NO_TEXT or LONG_INVISIBLE_TEXT?

Summary

SpamAssassin gives positive scores for DMARC reject (when authentication fails), MIME_NO_TEXT (missing plain text version), and LONG_INVISIBLE_TEXT (hidden text) because these characteristics are commonly found in spam emails. DMARC_REJECT is triggered when an email declares a 'reject' policy but fails SPF/DKIM checks, suggesting potential spoofing. MIME_NO_TEXT occurs because spammers often omit plain text to avoid text-based filters. LONG_INVISIBLE_TEXT identifies hidden text, a tactic used to manipulate indexing or hide links. While individual rule scores may be low, SpamAssassin's cumulative scoring means these factors, combined with others, can lead to a spam classification. Misconfigured DNS records, custom rulesets, and incorrect MIME structures can also contribute. Avoiding these practices and ensuring proper authentication are crucial for deliverability.

Key findings

  • DMARC Reject as Indicator: A positive score for DMARC reject often signifies a failed authentication, hinting at potential email spoofing or unauthorized sending.
  • Missing Plain Text as Spam Signal: The absence of a plain text version in MIME emails (MIME_NO_TEXT) is a common characteristic of spam, as spammers aim to avoid text-based filters.
  • Hidden Text as Deceptive Technique: Excessive hidden text (LONG_INVISIBLE_TEXT) is recognized as a technique used by spammers to manipulate search engine indexing and/or conceal malicious links from users.
  • Cumulative Scoring Impacts Deliverability: While individual SpamAssassin rules may have low scores, the cumulative effect of these scores, combined with other factors, can significantly impact email deliverability.
  • Custom Rulesets May Vary: Individual SpamAssassin installations might use custom rulesets (e.g., KAM_ rules) with varying weights and behaviors, affecting overall scoring.

Key considerations

  • Implement Proper Authentication: Ensure SPF and DKIM are correctly configured and validated to prevent DMARC reject-related issues.
  • Include Plain Text Versions: Always include a plain text version alongside HTML emails to improve deliverability and avoid MIME_NO_TEXT flags.
  • Avoid Hiding Content: Refrain from using techniques to hide text or links from users (small fonts, CSS display:none), as this triggers SpamAssassin's LONG_INVISIBLE_TEXT rule.
  • Validate MIME Structure: Ensure the email's MIME structure is valid and complete, with correct headers and encoding, to prevent issues related to MIME_NO_TEXT.
  • Review Custom Rules: If using a custom SpamAssassin setup, review the configuration and scoring weights to understand how specific rules affect deliverability.
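
A pre-send check for the plain-text and hidden-content considerations above, as an added example that is not part of the original page and does not reproduce SpamAssassin's own rule logic: it reports a message with no text/plain part and HTML that carries a long run of text inside display:none or tiny-font elements. The function names, the finding codes, the 0-1 px/pt font cutoff, the 100-character limit and the sample messages are assumptions of this example.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from html.parser import HTMLParser

# Hiding styles the page names: display:none and tiny fonts (0-1 px/pt is an assumption).
HIDDEN = re.compile(r"display\s*:\s*none|font-size\s*:\s*[01](?:\.\d+)?(?:px|pt)?\s*(?:;|$)", re.I)
VOID = {"br", "hr", "img", "meta", "link", "input"}  # tags that never get an end tag

class HiddenText(HTMLParser):  # counts text characters inside elements styled to be invisible
    def __init__(self):
        super().__init__()
        self.stack, self.hidden = [], 0  # stack holds one hidden-flag per open element
    def handle_starttag(self, tag, attrs):
        if tag not in VOID:
            hide = HIDDEN.search(dict(attrs).get("style") or "")
            self.stack.append(bool(hide or (self.stack and self.stack[-1])))
    def handle_endtag(self, tag):
        if tag not in VOID and self.stack:
            self.stack.pop()
    def handle_data(self, data):
        if self.stack and self.stack[-1]:
            self.hidden += len(data.strip())

def lint(raw, hidden_limit=100):
    """Return finding codes for a raw message (hypothetical pre-send check)."""
    msg = message_from_string(raw, policy=policy.default)
    leaves = [p for p in msg.walk() if not p.is_multipart()]
    findings = [] if any(p.get_content_type() == "text/plain" for p in leaves) else ["no-plain-text"]
    for part in leaves:
        if part.get_content_type() == "text/html":
            counter = HiddenText()
            counter.feed(part.get_content())  # get_content() undoes base64/quoted-printable
            counter.close()
            if counter.hidden >= hidden_limit:
                findings.append("hidden-text")
    return findings

def build(html, with_plain):
    m = EmailMessage()  # constructed sample message; addresses are placeholders
    m["From"], m["To"], m["Subject"] = "news@example.com", "user@example.org", "Update"
    if with_plain:
        m.set_content("Hello, this is the plain text version.")
        m.add_alternative(html, subtype="html")  # becomes multipart/alternative
    else:
        m.set_content(html, subtype="html")  # HTML only, no text/plain part
    return m.as_string()

GOOD = build('<p style="font-size:14px">Hello</p>', with_plain=True)
BAD = build('<p>Hello</p><div style="display:none">' + "lorem ipsum " * 20 + "</div>", with_plain=False)
```

Here lint(GOOD) returns an empty list and lint(BAD) returns both finding codes; a short hidden preheader stays under the limit and is not reported.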

What email marketers say
12 marketer opinions

SpamAssassin assigns positive scores for DMARC reject, MIME_NO_TEXT, and LONG_INVISIBLE_TEXT based on factors indicating potential spam. A positive score for DMARC_REJECT can occur when emails fail authentication (SPF, DKIM) despite a 'reject' policy, suggesting a potential forgery. MIME_NO_TEXT flags emails lacking a plain text version, which is a spam indicator and a deliverability best practice. LONG_INVISIBLE_TEXT identifies hidden text (small fonts, CSS hiding) used to manipulate content visibility. These scores are cumulative, and even low individual scores can lead to a spam classification when combined with other factors. Proper authentication, valid MIME structures, and avoiding hidden text are crucial for avoiding spam filters.

Key opinions

  • DMARC Reject Scoring: SpamAssassin assigns positive scores to emails that fail authentication (SPF, DKIM) despite having a DMARC reject policy, as this indicates a potential spoofing attempt.
  • MIME_NO_TEXT Issue: The MIME_NO_TEXT rule is triggered when emails lack a plain text version, a factor that contributes to spam classification.
  • Hidden Text Detection: LONG_INVISIBLE_TEXT detects hidden text using CSS or small fonts, a common tactic employed by spammers to conceal content.
  • Cumulative Scoring: SpamAssassin utilizes a cumulative scoring system, meaning low scores for individual rules can combine to push an email into the spam folder.

Key considerations

  • Authentication: Ensure proper email authentication setup (SPF, DKIM) to prevent DMARC_REJECT issues.
  • Plain Text Versions: Include a plain text version of your emails to avoid MIME_NO_TEXT flags and enhance compatibility.
  • Avoid Hidden Text: Refrain from using CSS or small fonts to hide text, as this triggers LONG_INVISIBLE_TEXT and reduces deliverability.
  • MIME Structure: Verify the MIME structure of your emails is correct and complete, including proper headers and encoding.

Marketer view

Email marketer from Reddit explains that SpamAssassin scoring is cumulative. Even if the individual score for DMARC_REJECT is low, if combined with other factors like missing plain text or hidden text, it can push the overall score into spam territory.

October 2022 - Reddit

Marketer view

Email marketer from Email Marketing Forum suggests MIME_NO_TEXT can be triggered if the MIME structure is incorrect or incomplete. Ensure proper MIME headers and the correct encoding are used to avoid this issue.

April 2023 - Email Marketing Forum

What the experts say
4 expert opinions

SpamAssassin's positive scoring for DMARC reject, and issues like invisible text, arises from identifying patterns indicative of spam or malicious activity. The default DMARC_REJECT score might be minimal, primarily to register the occurrence, but custom rulesets can adjust the weighting. Invisible content, achieved through techniques like small fonts or CSS hiding, is penalized for its deceptive intent. Ultimately, SpamAssassin aims to flag emails exhibiting characteristics commonly found in spam, even if individual rules seem counterintuitive when viewed in isolation.

Key opinions

  • DMARC_REJECT Basic Score: The base DMARC_REJECT score is minimal, acting more as a log entry.
  • Custom Scoring Variations: Custom SpamAssassin rulesets may alter DMARC_REJECT scoring based on specific configurations.
  • Intent-Based Scoring: SpamAssassin identifies characteristics commonly used in spam, and penalizes practices that hide content or mislead recipients.
  • Pattern Identification: The system focuses on identifying patterns and characteristics associated with spam, rather than individual rule violations in isolation.

Key considerations

  • Review Custom Rules: Check custom SpamAssassin rulesets for potentially altered DMARC_REJECT scoring.
  • Avoid Deceptive Practices: Refrain from using techniques to hide or obscure content, as this raises red flags.
  • Consider Overall Spam Score: Understand that individual rule scores are assessed in the context of the overall SpamAssassin score.

Expert view

Expert and Email marketer from Email Geeks discuss DMARC_REJECT rules in SpamAssassin. Steve clarifies DMARC_REJECT is a standard rule in SpamAssassin, whereas Crystal indicates her host uses a custom set potentially overriding the standard rules with a KAM_ prefixed version from McGrail Foundation. Steve suggests the custom rules may have different weighting or simply be included in the custom set, but the behavior sounds identical.

June 2024 - Email Geeks

Expert view

Expert from Spamresource.com explains that SpamAssassin's scoring system is designed to identify characteristics commonly associated with spam. Even if a particular rule seems counterintuitive (like DMARC reject getting a positive score), it's because the rule is intended to identify potential abuse patterns when combined with other indicators.

July 2021 - Spamresource.com

What the documentation says
4 technical articles

SpamAssassin assigns positive scores to emails matching patterns common in spam. DMARC_REJECT triggers when an email with a DMARC 'reject' policy fails authentication, suggesting potential forgery. MIME_NO_TEXT flags missing plain text versions, common in spam to evade filters. LONG_INVISIBLE_TEXT detects hidden text used to manipulate indexing or hide links. While individual rule scores might be low, they contribute to an overall spam score.

Key findings

  • DMARC_REJECT Rationale: DMARC_REJECT indicates a potential forgery attempt when an email fails authentication despite having a 'reject' policy.
  • MIME_NO_TEXT Rationale: MIME_NO_TEXT identifies emails lacking plain text versions, a common tactic among spammers to evade text-based filtering.
  • LONG_INVISIBLE_TEXT Rationale: LONG_INVISIBLE_TEXT identifies hidden text, a tactic used by spammers to manipulate search engine indexing and hide unwanted links.
  • Cumulative Scoring Effect: SpamAssassin's overall spam score is the result of combining many individual rule scores.

Key considerations

  • Authentication Is Critical: Enforce proper email authentication (SPF, DKIM) to prevent triggering the DMARC_REJECT rule.
  • Provide Plain Text Alternatives: Ensure emails have a plain text version for compatibility and to avoid MIME_NO_TEXT flags.
  • Avoid Hiding Text: Refrain from using hidden text via font sizes or CSS to evade LONG_INVISIBLE_TEXT penalties.

Technical article

Documentation from Apache SpamAssassin Wiki explains that the DMARC_REJECT rule is triggered when an email has a DMARC policy of reject but fails authentication checks like DKIM or SPF. A positive score is assigned because the sender is explicitly telling the recipient to reject unauthenticated mail, and the fact that it's being evaluated means it might be a forgery attempt.

September 2022 - Apache SpamAssassin Wiki

Technical article

Documentation from MailChannels explains SpamAssassin assigns scores based on a variety of rules, with higher scores indicating a higher likelihood of being spam. While a single rule like DMARC_REJECT may have a low score, it contributes to the overall score which determines if an email is flagged as spam.

October 2023 - MailChannels