SpamAssassin

This document contains

• A general overview of what SpamAssassin does

• Information about viewing Spam Scores

• Solutions to common problems with mail filtering and spam

Related pages

• Setting up your .procmailrc and using the vacation program

General Information

SpamAssassin (http://www.spamassassin.org) is a mail filter to identify spam email. It tests each message against a lengthy set of rules (see below) that are common characteristics of spam and generates a rating representing the likelihood that the message is spam.  Once a rating is generated, that rating is included in the email headers so that a filtering program (see our procmail* page to see how to do this) can be used to flag the email, filter it into a special folder, or discard it.

What rules does it use to determine whether a message is spam?

SpamAssassin uses an extensive list of tests to test the likelihood that a message has been sent by a spammer. A message's score increases if, for example, it is received via a relay in a blacklisted domain (one that has been publicly recognized for generating spam), is forged pretending to be from MS Outlook, contains explicit content, or if the body of the message contains a significant amount of HTML code. On the other hand, a message's score decreases if there is reason to suggest that it is a legitimate message, like quoted email text (indicative of a reply), or if the sender uses a Unix-based email client like Pine.

For a complete list of SpamAssassin's tests, see http://eu.spamassassin.org/tests.html.

Viewing Spam Score

We currently prepend "[Likely SPAM]" to messages with high SpamAssassin scores. The level at which this string is applied is deliberately set high so as to be conservative in our declaration of what is probably spam. This keeps legitimate messages from being mistakenly tagged.

To view the score for a particular message, full headers need to be enabled in your mail client of choice. There should be three extra fields reporting SpamAssassin scoring information in the header of the message: X-Spam-Status, X-Spam-Level, and X-Spam-Checker-Version (see the bold lines below).

Example:

Received: from localhost [127.0.0.1] by ares with SpamAssassin (2.50 1.173-2003-02-20-exp);
Mon, 25 Aug 2003 13:33:05 %z
From: sender@domain.com
To: me@cs.virginia.edu
Subject: Re: Thank you!
Date: Mon, 25 Aug 2005 10:33:07 +0800
Message-Id: <200308251732.h7PHWtvW010724@ares.cs.Virginia.EDU>
X-Spam-Status: Yes, score=7.9 required=5.0
tests=DATE_IN_PAST_12_24,FORGED_MUA_OUTLOOK,FROM_ENDS_IN_NUMS,
MICROSOFT_EXECUTABLE,MIME_BOUND_NEXTPART,MISSING_MIMEOLE,
MSG_ID_ADDED_BY_MTA_3,NO_REAL_NAME,SEMIFORGED_HOTMAIL_RCVD
version=3.0.2
X-Spam-Level: *******
X-Spam-Checker-Version: SpamAssassin 3.0.2 (2004-11-16) on
                                           whirlwind.cs.Virginia.EDU
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------=_3F4A4851.7F9D4976"

Now that you have your scoring in place you have to set up your .procmailrc to use the scoring for filtering.  See our procmail* page for information on how to do this.

Common Problems

Legitimate email keeps getting filtered out.  What should I do?

Occasionally SpamAssassin will generate a false positive on a legitimate message, which is why we recommend setting up filtering to move mail marked as spam to a separate folder as opposed to deletion. Based on personal experience, SpamAssassin seems to be a bit trigger-happy when testing for forged mail pretending to be from Microsoft Outlook; that is, mail actually sent by someone using Outlook as a mail client is reported as forged, increasing those messages' scores.

SpamAssassin provides a whitelisting option that forces mail from addresses on a user's white list to be reported as spam, never to be filtered out.

To add an address to your white list, simply create a file named ~.spamassassin/user_prefs in your home directory, and include the following line for each address you wish to whitelist:

whitelist_from address@domain.com

How can I reduce the amount of SPAM sent out to my mailing lists?

See our page about SPAM on mailman lists*.

*This page is a "coming soon" attraction.