Deliverability

Spam trigger words in 2026: what still matters

TL;DR

Most spam-word lists are a SpamAssassin-era artifact that describes how mail was filtered fifteen years ago, not how Gmail, Outlook, and Apple Mail decide today. When we look at newsletters that already reached a subscribed inbox, a large share of them still say free, limited time, and buy now, and they inboxed anyway. The word is rarely what sinks a send. Authentication, sender reputation, and message shape are. Fix those before you rewrite a single subject line.

Spam trigger words is one of those phrases that outlived the thing it described. Ask around and someone will hand you a list of 200 or 500 or 800 words you must never put in an email, with free and act now and risk-free at the top, as if a filter somewhere is scanning for them and bouncing you on contact. We grade a lot of newsletters, and that is not what we see. When we run real campaigns through the Newsletrix spam score checker, the words in the copy almost never decide placement. The technical layer does. This piece is about where that word list came from, what our own corpus says about it, and what to spend your time on instead.

Where the spam trigger words list came from

The lists trace back to SpamAssassin, the open-source content scanner that sat in front of a huge share of the world's mail servers through the 2000s. SpamAssassin works by adding up points. Each rule it matches contributes a score, and once a message crosses the threshold, 5.0 points by default, it gets tagged as spam. The detail everyone forgot is how small the word rules are. A body phrase like money back guarantee, or a subject shouting in capitals, scores a fraction of a point on its own, often well under one. You had to stack a lot of them, on top of network checks and a bad Bayesian score, to clear 5.0 on words alone. The scary lists are just someone transcribing SpamAssassin's rule names into a blog post and dropping the point values that made them mostly harmless.

Then the inbox moved on. Gmail, Outlook, and Apple Mail do not run a public keyword list, and they have not for years. They train machine-learning classifiers on signals SpamAssassin never had: whether real recipients open, reply, archive, or hit report spam, whether your domain authenticates, how your sending history looks over weeks. A static word cannot carry much weight in a model like that, because a spammer would just change the word. What the model trusts is behavior it cannot easily fake. So the list you were handed is not merely old. It is aimed at the wrong machine.

What we see when we score inbox-landing newsletters

Here is the part the listicles cannot do, because they do not have the data. Newsletrix pulls newsletters from a live subscribed inbox. Every message in that corpus, by definition, already reached the inbox. It passed the filter. So we can ask a question the word lists never test: how many of these inbox-landing sends still contain the banned words?

A large share of them do. Open the promotional sends from the ecommerce brands and creator newsletters we track and you will find free, limited time, sale, and buy now sitting in subject lines and body copy, on messages that Gmail and Apple Mail delivered to the primary inbox without complaint. Mailchimp and Klaviyo customers ship these words every day and inbox fine. If the word were the trip wire the lists claim, none of this mail would be where we found it. The plain reading is the honest one. The word alone did not trip the filter, because the word alone is not what the filter is weighing.

That is the whole case in one observation, and it is why we tell clients to close the thesaurus the moment a send underperforms. The instinct to soften free into complimentary is a nervous tic, not a fix. It changes the copy, it flatters nobody, and it moves your placement by roughly nothing.

Grade your send before you second-guess a word

The Newsletrix spam score checker reads your real HTML, verifies SPF, DKIM and DMARC alignment, measures your image-to-text ratio, and grades every link, then ranks the issues by weight. It tells you what is dragging placement down, and it is almost never the word you were about to swap out.

Open the spam score checker →

What filters weigh instead

If it is not the words, what is it? Roughly in the order that each one moves placement, three things.

Authentication comes first. SPF, DKIM, and a DMARC record that aligns, meaning the domain in your visible From matches the domain that signed the message. Since the Gmail and Yahoo bulk-sender rules landed in February 2024, this stopped being optional for anyone sending real volume: no aligned DMARC, no reliable inbox. You can pass SPF and DKIM in a header viewer and still fail alignment, which is the trap most senders miss. The mechanics are in our guide on SPF, DKIM and DMARC explained, and the setup pays for itself faster than any wording change.

Reputation comes second. Mailbox providers decide you by your history: your complaint rate, your bounce rate, how often people mark you as spam or delete you unread. Google Postmaster Tools is the one free window into how Gmail rates your domain, and Gmail's own bulk-sender threshold is a spam complaint rate under 0.3 percent. Cross it and no clever wording saves you. If you send volume and have not connected Postmaster Tools, you are blind on the signal that matters most, and our spam complaint rate benchmarks show where you should sit.

Message shape comes third, and this is where the grain of truth in the word panic lives, except it is about form, not vocabulary. An image-only body with almost no live text looks like the bulk blasts scanners were built to catch. A subject in full capitals with three exclamation marks reads as shouting to a classifier the same way it does to a person. A single link to a URL shortener looks like someone hiding a destination. None of these is a word. They are patterns, and our image-to-text ratio breakdown covers the one that trips people most.

When spam trigger words do cost you

I am not going to tell you words never matter, because that is its own myth. There is a real slice of truth here, worth naming precisely so you do not overcorrect. Words add risk when they pile onto the problems above, not on their own. A cold domain with no sending history, mailing an image-heavy template, under a subject that is all capitals and stacked urgency, is a different animal than an established sender writing free shipping in normal case. Same word, opposite outcome, because everything around it changed.

So the honest model is that the word is a multiplier on existing risk, not a standalone cause. On a clean, authenticated send with a healthy reputation, free contributes a rounding error. On a send that has already given the filter three reasons to distrust it, the same word nudges you over the edge. That is the defensible version of trigger words matter. Not never say free, but if you are already on thin ice, do not also shout.

Subject line risk versus body risk

One distinction the lists flatten: where the word sits changes how much it counts. A word in the subject line is read earlier, by more filters, and it is the thing your recipient sees before deciding to open, which feeds the engagement signal that moves your reputation over time. A word buried in the body of a message people already trust barely registers. So if you are going to spend any attention on wording, spend it on the subject, and spend it on whether the subject earns an open, not on whether it contains a forbidden token.

This is where a tool beats a checklist. Guessing whether last chance will hurt is a waste of an afternoon. The subject line tester scores the line in seconds so you can move on to something that matters. And if you want to see how the strongest senders in your niche word their subjects while still inboxing, pulling apart their sends teaches more than any word list, which is half the reason we track competitors in the first place. Placement-testing tools like Litmus and the inbox alternatives we compare cover the seed-list side of that work.

How to check your newsletter before you send

Two steps settle it, in order. First, run the finished campaign, not a draft, through a spam score checker, so it can read your real authentication headers and real links. Read the grade, then read the itemized list beneath it. On the common 0 to 10 scale, aim for 8.0 or higher; below that the list tells you whether the deduction is authentication, image weight, or links, and you will notice it almost never says the word free. That clears the content-and-configuration half of the question.

Second, if placement still worries you, seed-test across Gmail, Outlook, and Apple Mail from your real sending domain, and watch where each copy lands. If it inboxes on a fresh account but spam-folders on your oldest engaged one, that is reputation talking, not your copy. Between those two checks you will find the real cause, and it will rarely be the word you were about to rewrite. For the model underneath all of this, how spam filters score your newsletter goes deeper, and why your newsletter emails go to spam ranks the causes in the order we work them. Spend your hours on the layer that carries the weight, and the word you were worried about stops being a problem.

Frequently asked questions

Do spam trigger words still matter in 2026?

Far less than the lists suggest. We pull newsletters from a subscribed inbox, and a large share of the promotional sends that reached the inbox still used words like free and limited time. The word rarely decides placement on its own. It adds risk only when it stacks on failed authentication, a weak sender reputation, or an image-heavy template. Fix those first.

Does the word free send emails to spam?

No, not by itself. The word free appears in countless newsletters that Gmail and Apple Mail deliver to the primary inbox every day, including sends from Mailchimp and Klaviyo customers. A filter penalizes it only when it lands alongside bigger problems, like an all-caps subject, a cold sending domain, or a body that is mostly one image. On a clean, authenticated send the word is close to a rounding error.

What triggers spam filters now, if not words?

Three things, in order. Authentication, meaning SPF, DKIM, and a DMARC record whose domain matches your visible From address. Sender reputation, which mailbox providers track through complaint rates, bounces, and how often people open or delete you. And message shape, like image-to-text ratio, all-caps subjects, and shortened links. Gmail, Outlook, and Apple Mail train classifiers on these behavioral signals, not on a public keyword list.

Does Gmail use a spam word list?

No. Gmail does not publish or run a fixed list of banned words. It uses machine-learning classifiers trained on recipient behavior and sender reputation, which a single static word cannot game. The famous word lists trace back to SpamAssassin, a 2000s-era content scanner where each matched word added a small fraction of a point, not to any modern mailbox provider.

How do I check if my newsletter will be flagged?

Run the finished campaign through a spam score checker so it can read your real authentication headers and links, and aim for 8.0 or higher on the common 0 to 10 scale. Then seed-test across Gmail, Outlook, and Apple Mail from your real sending domain to see where each copy lands. Between the two you will find the real cause, and it is rarely the wording.

Related reading

Get started

Stop guessing. Start winning.

Join newsletter creators using AI-powered competitor intelligence to ship better content, faster.

No credit card required  ·  Cancel anytime  ·  All features on every plan