Pre-Send Spam Audit
Spam filters stopped counting trigger words years ago. They score sender signals first. Audit your copy against the checklist below, then verify any address you plan to send to. Free, no signup, no card.
Trusted by 500,000+ leading GTM teams of all sizes
The honest version
Type email spam content checker into Google and you are usually holding a finished draft and a deadline. You want a number that says the campaign will land. The classic tools answer with a SpamAssassin-style score: every risky phrase, formatting quirk, and link pattern adds points, and anything over 5.0 gets junked by the gateways still running those rules. That model is real, but it is twenty years old, and it covers a shrinking slice of the inboxes you actually care about.
Gmail and Microsoft retired the word-list approach. Their filters are machine-learning systems weighing hundreds of signals at once, and the heaviest ones live outside your copy: whether your domain passes an SPF, DKIM, and DMARC check, whether a domain spam scan shows you on a blocklist, and how past recipients reacted to your mail. The same paragraph can inbox from one sender and junk from another. That is why a content score alone keeps passing campaigns that still die, and why the question “is this specific address risky to send to” belongs to an address-level spam check rather than a prose scanner.
So this page splits the work honestly. Below is the hand-audit list of the eight content signals filters still score, worth fixing in any draft before any send. The half you can automate is the list itself: the Verifox email verification engine runs nine checks per address, holds 99.99% accuracy on a 1,000-address benchmark, and resolves the catch-all domains where 20 to 40% of B2B lists quietly rot. Run the checklist by hand, push the list through the verification API, and check the pricing for your region before a big send.
The hand-audit half
Run your draft down this list before any send. Each one is a pattern filters learned from decades of complaint data, and each one is fixable in minutes. For rendering and broken-markup problems, the email template checker digs deeper, and the email link checker audits every URL in the body.
Fake "RE:" and "FWD:" prefixes, or a subject that promises something the body never delivers. CAN-SPAM makes misleading subjects illegal, and filters trained on complaint data treat them as the strongest content signal there is.
ALL-CAPS subjects, stacked exclamation marks, currency symbols, and emoji walls. None of these carries a fatal penalty alone, but together they reproduce the exact shape of the mail people mark as junk.
One large image and a dozen words of text is a classic spam silhouette. Filters cannot read pixels, so a body they cannot parse gets scored on suspicion. Keep a healthy text-to-image ratio and always ship real copy.
URL shorteners, many different domains in one message, and display text that does not match the underlying href. Phishing detection lives here, and it is unforgiving. Link to one or two domains you actually control.
"Act now", "100% free", "guaranteed", "no obligation". Each phrase is harmless in honest context, but clustered into a pitch-shaped paragraph they still pattern-match against decades of junk. Write like a person, not a late-night ad.
Broken tags, hidden white-on-white text, one-pixel fonts, and leftover template scaffolding. Filters parse your markup before any human sees it, and markup built to hide things is scored as exactly that.
Unexpected .zip, .exe, or .html attachments in a first-touch email. Most gateways quarantine these shapes outright. If a prospect needs a file, link to it from a domain you own instead.
HTML-only messages with no text/plain alternative, and bulk mail without a working unsubscribe link. Both are structural tells that legitimate senders never leave out, so filters read their absence loudly.
The automatable half
Content gets audited by hand; recipients get verified by machine. Paste any address you plan to mail, let the nine-check engine score it, and read the verdict in about two seconds.
Drop any email into the pill. Gmail, Outlook, custom domains, role aliases. Single address now, bulk CSV on signup.
Nine checks fire in parallel. Syntax, DNS, SMTP, catch-all, disposable, role, age, auth, mailbox state. Verdict in about two seconds.
Valid, invalid, or risky. Plus a confidence score, the per-check breakdown, and a recommended retry policy. Read on the page or via API.
The 9-point engine
The same nine-check engine our paid email verification API runs. Every email, every verification, every time.
Every address runs a full RFC 5321 and RFC 5322 compliance pass before a single network call goes out. The engine catches what visual scanning misses, the double dot in alice@verifox..ai, the trailing period, the IDN homograph that looks valid but resolves to a different domain.
Bundled typo suggestions let your form offer “did you mean alice@gmail.com?” instead of rejecting silently.
Once syntax passes, the engine resolves the domain. We confirm the DNS records exist, fetch the MX record priority list in order, and verify at least one mail-exchange server is actively accepting connections right now.
Misspelled domains like gmial.com, expired domains, and parked-for-sale domains all fail this gate before the engine wastes a single SMTP roundtrip.
The engine opens a TCP connection on port 25, performs the EHLO handshake, then negotiates MAIL FROM and RCPT TO. Every server response code (220, 250, 550, 552) is parsed deterministically against the IANA enhanced-status registry.
This is the moment a mailbox proves it actually exists. No third-party guesses, no statistical heuristics, just the receiving server's own answer.
Some domains accept every email regardless of whether the mailbox exists, a setup known as a catch-all configuration. The engine sends a deterministic probe to a deliberately fake address (zzz9k7q@domain.com); if the server returns the same 250 OK it returned for the real address, the domain is catch-all.
The verdict isn't dropped, it's flagged RISKY so you know the deliverability signal is degraded.
The engine maintains a curated registry of 10,247 disposable email providers, including Mailinator, Guerrilla Mail, 10MinuteMail, Tempmail, and the long tail of regional clones.
Any address matching the blocklist is flagged INVALID. Deliverability to a mailbox that exists for 10 minutes and is never checked is functionally zero, regardless of whether the SMTP handshake passes.
info@, support@, no-reply@, admin@, hello@, billing@, contact@. These are shared inboxes, not individuals.
The engine extracts the local-part of every address, matches it against the known role-prefix registry, and tags the result with a reduced engagement score.
You don't drop them automatically. The verdict tells you they're roles so you can decide whether they belong in your outbound.
Fresh-spam domains registered hours ago are the single biggest source of inbound abuse. The engine queries WHOIS and RDAP for every unique domain, extracts the registration date, and flags anything under 30 days old with a “fresh” warning.
Domains aged 5+ years pick up a corresponding trust signal. The same heuristic spam filters have been using since the early 2000s, ported into the verdict.
SPF, DKIM, and DMARC together prove the sender is authorised to send from that domain.
The engine reads each policy via DNS, validates SPF includes recursively, scans six common DKIM selectors for a published key, and confirms DMARC alignment with the From: header.
A failing DMARC policy means the sender can be spoofed, so the verdict warns you before you reply.
Beyond “exists vs doesn't exist”, the engine extracts the precise mailbox state from the SMTP server's response. Full inbox (552 / 522 quota), disabled mailbox (550 5.1.1), out-of-office autoresponder, frozen account.
Each state maps to a specific retry policy. Full inbox retries in 6 hours. Disabled drops permanently. The verdict tells you which bucket the bounce belongs in so your retry logic doesn't waste cycles.
How we stack up
Same nine-check pipeline, the highest published accuracy, credits that never expire, and an MCP server no competitor offers. Head-to-head with the two providers our buyers shortlist.
| Feature | Verifox | NeverBounce | ZeroBounce |
|---|---|---|---|
| Published accuracy claim | 99.99% | 99.0% | 99.6% |
| Credits expire | Never | Yes | Never |
| Free credits on signup | 1,000–2,500 / one-time | 1,000 / monthly | 100 / monthly |
| Verify without signup | |||
| Catch-all resolution | AI confidence | Flagged only | AI scoring |
| Real-time API | |||
| Bulk CSV upload | |||
| MCP server for AI agents | |||
| SOC 2 + GDPR + CCPA |
What teams are saying
Growth leads, marketers, and engineers running real campaigns on real lists. Specific numbers, specific tools they switched from, and a verified email address on every byline.
We were paying ZeroBounce a four-figure monthly bill and still landing 3% bounces on cold campaigns. Switched the pipeline to Verifox, dropped to 0.4% bounces, and cut the bill by more than 90%.
Other tools flag 30% of our B2B list as 'risky catch-all' and leave the call to us. Verifox returns a real verdict on those addresses, with a confidence score. We send more, we send safer.
We had a Gmail spam-folder problem after a bad list import. Verifox cleaned the list and the warmup ran on the same engine. Back in primary inbox in six weeks. One vendor, half the cost.
Ran a 50,000-address outbound list through Verifox before our quarterly campaign. Bounces landed at 0.7%, sender reputation didn't move, replies were up 22% over last quarter.
Their MCP server let me wire email verification directly into our internal Claude agent in about ten minutes. Zero glue code. No other vendor in this space has thought about that workflow.
Tested Verifox at 10,000 verifications per minute on a Tuesday morning. Latency held under 400ms median, no soft failures, no rate-limit walls. The vendor we benched throttled at 2,000/min.
Our SDRs were enriching from three tools and 14% of the emails were invalid before they hit the sequencer. Verifox sits in the pipeline now and the team stopped seeing 'undeliverable' replies the next week.
Bulk upload, sorted CSV back in twenty minutes, plug into our growth stack. The half-day list-hygiene project per cohort turned into something the marketing intern runs on autopilot.
Verifox returns a 0-100 confidence score per address, not just a label. We thresholded at 75 for the cold sequencer, 60 for nurture, and our deliverability team finally has a knob they can tune.
We were paying ZeroBounce a four-figure monthly bill and still landing 3% bounces on cold campaigns. Switched the pipeline to Verifox, dropped to 0.4% bounces, and cut the bill by more than 90%.
We had a Gmail spam-folder problem after a bad list import. Verifox cleaned the list and the warmup ran on the same engine. Back in primary inbox in six weeks. One vendor, half the cost.
Their MCP server let me wire email verification directly into our internal Claude agent in about ten minutes. Zero glue code. No other vendor in this space has thought about that workflow.
Our SDRs were enriching from three tools and 14% of the emails were invalid before they hit the sequencer. Verifox sits in the pipeline now and the team stopped seeing 'undeliverable' replies the next week.
Verifox returns a 0-100 confidence score per address, not just a label. We thresholded at 75 for the cold sequencer, 60 for nurture, and our deliverability team finally has a knob they can tune.
Other tools flag 30% of our B2B list as 'risky catch-all' and leave the call to us. Verifox returns a real verdict on those addresses, with a confidence score. We send more, we send safer.
Ran a 50,000-address outbound list through Verifox before our quarterly campaign. Bounces landed at 0.7%, sender reputation didn't move, replies were up 22% over last quarter.
Tested Verifox at 10,000 verifications per minute on a Tuesday morning. Latency held under 400ms median, no soft failures, no rate-limit walls. The vendor we benched throttled at 2,000/min.
Bulk upload, sorted CSV back in twenty minutes, plug into our growth stack. The half-day list-hygiene project per cohort turned into something the marketing intern runs on autopilot.
We were paying ZeroBounce a four-figure monthly bill and still landing 3% bounces on cold campaigns. Switched the pipeline to Verifox, dropped to 0.4% bounces, and cut the bill by more than 90%.
Ran a 50,000-address outbound list through Verifox before our quarterly campaign. Bounces landed at 0.7%, sender reputation didn't move, replies were up 22% over last quarter.
Our SDRs were enriching from three tools and 14% of the emails were invalid before they hit the sequencer. Verifox sits in the pipeline now and the team stopped seeing 'undeliverable' replies the next week.
Other tools flag 30% of our B2B list as 'risky catch-all' and leave the call to us. Verifox returns a real verdict on those addresses, with a confidence score. We send more, we send safer.
Their MCP server let me wire email verification directly into our internal Claude agent in about ten minutes. Zero glue code. No other vendor in this space has thought about that workflow.
Bulk upload, sorted CSV back in twenty minutes, plug into our growth stack. The half-day list-hygiene project per cohort turned into something the marketing intern runs on autopilot.
We had a Gmail spam-folder problem after a bad list import. Verifox cleaned the list and the warmup ran on the same engine. Back in primary inbox in six weeks. One vendor, half the cost.
Tested Verifox at 10,000 verifications per minute on a Tuesday morning. Latency held under 400ms median, no soft failures, no rate-limit walls. The vendor we benched throttled at 2,000/min.
Verifox returns a 0-100 confidence score per address, not just a label. We thresholded at 75 for the cold sequencer, 60 for nurture, and our deliverability team finally has a knob they can tune.
Why both halves matter
You can pass every content scanner on the internet and still hit the junk folder, because bounces and trap hits from a stale list outweigh your best subject line. Verifox runs the full nine-check pipeline the paid plans use, capped only on volume.
The free tier runs the full nine-check pipeline from our email verification API, capped on volume and never on accuracy.
Verify your first emails right here with no signup at all. Create a free account when you go past four checks a day.
Your free plan unlocks the very same REST API, CSV upload, and bulk parallel processing that the paid plans run on.
Addresses are processed in memory and dropped on response, nothing stored and nothing sold. Read the privacy policy.
Trust & compliance
Every layer of the stack carries a third-party attestation, so you can ship into regulated industries without rebuilding your compliance posture.
Independently audited to the SOC 2 Type II standard.
Built for the EU with full GDPR data-subject rights.
California opt-out, do-not-sell, plus DSAR handling.
Information security held to the ISO 27001 standard.
AI governance aligned to the new ISO 42001 standard.
Common questions
What teams ask before a send: which content rules still apply, what a safe spam score looks like, and why the list usually matters more than the words. Straight answers, real numbers.
No, and we will not pretend otherwise. Verifox does not read your prose. The eight content signals on this page are a hand-audit checklist drawn from how filters actually score messages, and the widget up top checks the addresses you plan to send to.
That split is deliberate: content problems are fixable in your draft in ten minutes, while list problems need machinery. If your question is whether a specific address is risky, the address-level spam check answers it directly.
Rarely on their own. Gmail and Microsoft moved to machine-learning filters that read context, so “free” in a genuine offer is fine while a stack of pressure phrases in a pitch-shaped sentence still pattern-matches badly.
The exception is older corporate gateways running SpamAssassin-style rules, which do assign per-phrase points. If you sell into enterprises, keep the phrase clusters out of cold email and watch your overall email health instead of any single word.
For SpamAssassin-style scoring, the default junk threshold is 5.0, and careful senders aim under 3. Treat that number as linting, not a guarantee: Gmail and Microsoft publish no score at all and weigh sender history far more than content.
A message that scores 0 can still junk if the sending domain has a poor reputation or the list is full of dead addresses. Score the content once, then spend your remaining time on the sender side.
Because content is a minority input. The usual culprits are missing or misaligned authentication, a domain or IP on a blocklist, and a stale list driving bounces and complaints.
Work through them in order: run an SPF, DKIM, and DMARC check on your domain, scan it with the domain spam checker, confirm nothing is listed via the email blacklist check, then clean the list itself. Most “mystery” junking is one of those four.
A reliable pre-send routine has four steps. Audit the draft against the eight content signals above. Check the rendering and links with the email template checker. Run a deliverability test to seed inboxes across providers. Then verify every recipient so bounces never enter the equation.
The whole routine takes under an hour and removes the guesswork that a single content score never could.
Nine address-level checks run in parallel: syntax against RFC 5321 and 5322, domain existence and MX records, a live SMTP handshake with a mailbox ping, disposable-domain match, role-address detection, catch-all detection, an AI-confidence pass on catch-alls, domain age, and SPF, DKIM, and DMARC authentication.
The catch-all resolution matters most: 20 to 40% of B2B lists fail at catch-all domains, the check most free tools skip.
You can run 4 verifications per day from this page with no account at all. Create a free account and you get 1,000 credits immediately, or 2,500 if you sign up with a work address. No card either way.
Past that, credits are pay-as-you-go and never expire, with volume pricing shown for your region.
Yes, and you should: it is the highest-leverage spam fix available. Upload a CSV or call the API and bulk verification runs at roughly 10,000 emails per minute on the standard tier, with a per-address verdict and confidence score back.
Single checks return in about 380 ms median. The API docs cover both shapes, and the SLA runs 99.9% on Starter up to 99.99% on an annual Volume contract.
No. Every address is processed in memory and discarded the moment the verdict returns. Nothing is logged, retained, or sold, which matters when the list you are cleaning is your customer base.
Verifox is SOC 2 Type II compliant, and the privacy policy spells out exactly what we touch. Live uptime is public at status.verifox.ai.
Yes. The REST API drops the same 9-check engine into signup forms, CRMs, and sequencers, and HubSpot, Salesforce, Zapier, Klaviyo, Mailchimp, and Brevo connect out of the box.
For agents, Verifox ships a native MCP server, so Claude, Cursor, or a custom LLM app can verify recipients before a send without glue code. Point the agent at the MCP URL and the tools are wired.
Before your next campaign
The checklist above costs nothing but attention. The list side takes one signup: you get 1,000 free credits on the spot (2,500 with a work email), no card required. Upload a CSV, get a verdict per address, and send to the survivors. Credits never expire, so whatever you do not use this campaign waits for the next one.
