Customer.io Now Runs SpamAssassin on Your Email Before You Send: How to Read the Design Studio Readiness Score
On 22 July 1962, NASA launched Mariner 1 from Cape Canaveral to fly past Venus. It never got there. A range safety officer ordered the rocket destroyed 293 seconds after lift-off when it veered off course, threatening the North Atlantic shipping lanes. The Post-Flight Review Board traced the failure to a single missing character... a "dropped hyphen or overbar" in hand-coded guidance instructions. When the rocket's radar beacon cut out, the missing character let the computer act on data it should have ignored. It steered the rocket hard left, nose down, and the vehicle obeyed.
The lost mission cost $80 million—around $630 million in 2014 dollars—and Arthur C. Clarke later called the typo "the most expensive hyphen in history". The painful part: the defect sat in the code through months of preparation. Nothing read the instructions before ignition.
Email teams live a small version of this every week. The template looked fine in the editor, the send went out, and the broken personalisation or dead link surfaced only in a customer's inbox. On 7 July 2026, Customer.io shipped a pre-flight check for exactly this: a Review panel in Design Studio that finds send-blocking errors, audits your images, validates your links, and scores your email against SpamAssassin. The findings roll up into a 0-100 readiness score.
This post is a reading guide. What the panel actually checks, how the traffic-light logic works, and which errors genuinely block a compliant send. Then the bigger question: what the score cannot see, and the 10-minute pre-send routine that treats the panel as a floor, not a QA process.
What does the Review panel actually check?
The Customer.io docs describe the Review panel as validating your Liquid syntax, links, images and accessibility, plus a SpamAssassin score "so you know how likely inboxes are to filter it out as spam". Click Review at the top of the Design Studio editor and the panel opens with the readiness score at the top and the findings below. The feature carries a Beta badge as of July 2026, so expect it to change.
Here's the detail most coverage will miss: these checks aren't new. The release note says it plainly: "Previously, these tools were hidden in the code editor. Now you can access them from the same review panel in either the visual or code editors." The link validator, image audit, accessibility checker and SpamAssassin score have lived on the code editor's developer tools for a while. What shipped on 7 July is the surfacing: checks that only engineers saw are now in front of everyone who ships email from the visual editor.
The developer-tools page is worth reading for what sits underneath. The accessibility checker runs AXE 4.3 rules plus custom email-specific rules—things like tables needing role="presentation" and VML elements needing alt text—sorted by severity from Critical to Mild. The image validator checks that images load, use secure URLs and are optimised. The link validator confirms each link resolves, and the SpamAssassin check can be re-run on demand.
One distinction to keep straight: the Review panel is not the same thing as Customer.io's AI email content analysis. That's a separate feature, triggered by an Analyze Email Content button, which uses AI to judge trustworthiness, clarity and brand voice. The Review panel is rule-based validation. We looked at the AI side of Design Studio in our review of its brand-styles and subject-line features; this post is about the deterministic checks.
The traffic lights read severity, not the score
The panel's colour and its number measure different things, and the docs are explicit: "The panel is either red, yellow, or green, depending on the issues found, not the score itself." Red means an error could stop your email sending or create a compliance issue—fix it before sending. Yellow means there are quality improvements worth reviewing. Green means your email is ready to send.
That readiness score is a different animal. It's "a sum of the errors, warnings, and tips surfaced in the rest of the panel", rising as you resolve items. That makes it a progress bar, not a pass mark. The docs' own screenshot shows an email scoring 96 with a couple of accessibility tips outstanding. There is no documented threshold you need to clear, and chasing the last four points by clearing every tip is time better spent on the checks the panel cannot run.
So read it this way: the colour is the verdict, the number is the direction of travel. A red panel with a high score still blocks you. A green panel with a 92 does not need to become a 100.
The two reds that matter most
The docs name two errors you might encounter, and both deserve their reputation. An "issue with liquid syntax—the message won't render correctly" and "no unsubscribe link—compliance risk".
Broken Liquid is the render-wrong failure. A malformed tag or an unclosed condition can stop the message sending at all. And even syntactically valid Liquid fails quietly when a property is null—we catalogued six Liquid patterns that silently break exactly this way. The panel catches the syntax class of problem. The docs' own advice covers the rest: add fallback values and preview your message with multiple profiles. More on that gap below.
The missing unsubscribe link is the compliance red. Since February 2024, Google's sender guidelines have required one-click unsubscribe for senders of 5,000 or more messages a day. The same rules say marketing and subscribed messages must include a clearly visible unsubscribe link in the message body. Microsoft brought in its own enforcement for Outlook senders in May 2025, rejecting non-compliant mail outright. An email with no unsubscribe link is undeliverable at scale in 2026. If the panel shows this red, nothing else on the list matters until it's fixed.
What the readiness score cannot see
Everything the panel checks lives inside your template. It cannot read your data, your reader's email client, or the AI layer that now sits between your send and their attention. Three blind spots matter most.
First, null properties across real profiles. The Liquid check validates syntax, not outcomes. {{ customer.first_name }} passes review whether or not the attribute exists on the people you're sending to, which is why the docs tell you to add fallbacks and preview with multiple profiles. A green panel says nothing about the subscriber with a half-empty profile.
Second, dark mode. Gmail and Outlook force-invert colours you never chose, and Design Studio has dark-mode styles and previews precisely because light-mode-only QA misses inverted logos and vanished text. Dark mode isn't among the checks the docs list for the Review panel.
Third, the AI inbox. Gmail's Gemini layer now summarises and reorders email before anyone reads it, and Apple Intelligence rewrites your carefully built preheader into its own preview line. No template-level check can tell you what an AI summary will make of your first 200 words. Only a seed send shows you that.
SpamAssassin in 2026: useful, dated, one signal
The spam check inside the panel is Apache SpamAssassin, an open-source filter that has been scoring email since 2001. It works from a rule-based scoring framework: heuristic tests on headers and body text, Bayesian filtering, DNS blocklists. Customer.io's docs read it simply—the lower the score the better, and higher scores are more likely to be sent to spam.
That's a genuinely useful lint pass. SpamAssassin's rules catch the classic constructs—shouty subject lines, link-heavy bodies, sketchy HTML—and a surprisingly high score is always worth investigating before you send.
What it is not is a deliverability forecast. Gmail and Outlook run their own filtering, built on signals SpamAssassin never sees: your domain reputation, your authentication, your engagement history, and your complaint rate. Google says to hold that last one below 0.10%, and never past 0.30%. A rule-based content score from an open-source project can't tell you whether Gmail trusts your domain. Read a low SpamAssassin score as "content isn't the problem", never as "this will inbox".
The 10-minute pre-send routine
The panel earns a permanent slot at the start of your pre-send routine. It should not become the routine. Here's the version that layers it properly:
- Review panel, two minutes. Open Review, fix every red, read the yellows and act on the cheap ones. Ignore the number.
- Multi-profile preview, three minutes. Preview the message as at least three real profiles: one fully populated, one missing the attributes your Liquid leans on, one edge case (longest name, no company, unusual locale). This is the docs' own advice, and it catches what the syntax check cannot.
- Dark mode pass, two minutes. Flip the preview to dark mode and check your logo, text contrast and buttons survive inversion.
- Seed send, three minutes. Send to your own accounts on Gmail, Outlook and Apple Mail. Read it on a phone. Look at what the inbox summary line actually says, not what your preheader hoped it would.
Ten minutes, and the panel does the part it's good at: catching the Mariner 1 class of defect—the small, mechanical, checkable error—before ignition. The rest of the routine covers what no template check can: your data, your reader's screen, and the AI that reads your email first.
Frequently asked questions
What is a good readiness score in Customer.io?
There isn't a documented target, and the panel's colour matters more than the number. Customer.io's docs state the panel is red, yellow or green "depending on the issues found, not the score itself"—the score is a sum of outstanding errors, warnings and tips. Fix everything red, review the yellows, and ship. The docs' own example screenshot shows an email at 96 with minor tips remaining.
Does a green review panel mean my email will land in the inbox?
No. Green means the panel found no send-blocking errors in your template—it says nothing about inbox placement. Deliverability rides on domain reputation, authentication, engagement and complaint rate, and Google's sender guidelines require spam rates below 0.30% regardless of how clean your template is. Treat green as "safe to send", not "will be seen".
What does the SpamAssassin score in Design Studio measure?
It runs your email through Apache SpamAssassin, an open-source spam filter that scores messages against rule-based tests on headers and body content. Customer.io's docs say the lower the score the better, and that higher scores are more likely to be sent to spam. It measures how spammy your content looks to one particular filter—not how Gmail or Outlook will treat your send.
Why is my Customer.io review panel red?
A red panel means Design Studio found an error that could stop your email sending or create a compliance issue, and Customer.io says to fix it before sending. The documented examples are a Liquid syntax issue, which stops the message rendering correctly, and a missing unsubscribe link, which is a compliance risk under the bulk-sender rules Gmail introduced in 2024.
Does the review panel check dark mode rendering?
Dark mode isn't among the checks the docs list—the panel covers Liquid syntax, links, images, accessibility and a SpamAssassin score. Design Studio handles dark mode separately, with dark-mode styles and a dark preview. Keep a manual dark-mode pass in your pre-send routine; a green panel won't warn you about an inverted logo.
Is the review panel available on the Builder plan?
The docs list the feature for every plan—Builder, Essentials, Premium and Enterprise. Teams building and testing on the Builder plan get the same Review panel and readiness score as any other workspace.
Where do I find the review panel in Design Studio?
Click Review at the top of the editor. The panel opens with the readiness score first, followed by the errors, warnings and tips it found. Per the release note, it works from both the visual editor and the code editor.
Is the review panel the same as Customer.io's AI email content analysis?
No, they're separate features. The Review panel is rule-based validation: Liquid syntax, links, images, accessibility and a SpamAssassin score. Email content analysis is an AI feature with its own Analyze Email Content button that judges trustworthiness, clarity and brand consistency. You can use both on the same email; they answer different questions.
Did Customer.io just add SpamAssassin to Design Studio?
No—the SpamAssassin check existed before, along with the link, image and accessibility validators, but they lived in the code editor's developer tools. The 7 July 2026 release moved them into a Review panel available from both the visual and code editors, and added the 0-100 readiness score that sums their findings.
Can the review panel check how my email renders with real customer data?
No. The Liquid check validates syntax, not rendered output per person. An attribute reference passes review even if the attribute is empty on half your list. Customer.io's docs recommend adding fallback values to your Liquid and previewing the message with multiple profiles—that preview habit is the only way to see what a sparse profile actually receives.
Does fixing everything in the review panel make my email compliant?
It clears the most visible requirement—the unsubscribe link—but compliance is wider than the template. Gmail's bulk-sender rules also require SPF, DKIM and DMARC authentication, one-click unsubscribe headers, and a spam rate below 0.30%. The panel audits your email's content; it doesn't audit your DNS records or your sending behaviour.
Is the readiness score out of beta?
No—as of July 2026 the docs mark the Review panel as a Beta feature that Customer.io is actively working on. Expect the checks and the scoring to evolve, and re-read the docs page before treating any specific behaviour as permanent.
Sources
- Design Studio: find and fix errors with the new review panel. Customer.io release notes, 7 July 2026.
- Review your email for quality and accessibility. Customer.io Docs, updated 10 July 2026.
- Validate your email. Customer.io Docs, updated 10 July 2026.
- Email content analysis. Customer.io Docs, updated 3 October 2025.
- Apache SpamAssassin. Apache Software Foundation.
- Email sender guidelines. Google, effective 1 February 2024.
- Mariner 1 destroyed due to code error, July 22, 1962. EDN, 22 July 2019.
- The Typo that Destroyed a NASA Rocket. Priceonomics, 20 June 2014.


