What is SpamAssassin?

Advanced users might notice that the "full headers" of some mail you receive through our Web hosting service include headers named X-Spam-Status, X-Spam-Level, X-Spam-Score, X-Spam-Flag and X-Spam-Report.

The headers are added by a scanner called SpamAssassin that examines most incoming messages that make it past our other spam filters.

(A few messages are not scanned by SpamAssassin for various reasons, such as their size, and therefore won't have any extra SpamAssassin headers.)

How does SpamAssassin work?

SpamAssassin looks at the actual content of each message and assigns it a "spam level" score based on how much it "looks like" spam; for example, messages that mention "Viagra" will receive a higher score than messages that don't.

SpamAssassin adds special "headers" to each message showing the details of the score it calculated. The headers are usually invisible unless you show the "full Internet headers" in your mail program.

You can create rules in most mail programs to sort mail that receives high SpamAssassin scores. For example, our Webmail system and Microsoft Outlook allow you to create rules based on message headers.

Here are some sample "headers" from a spam message:

X-Spam-Status: Yes, hits=9.0 tagged_above=-999.0 required=7.0
  tests=FORGED_RCVD_NET_HELO, FORGED_YAHOO_RCVD, HTML_20_30,
  HTML_IMAGE_ONLY_04, HTML_MESSAGE, HTML_WEB_BUGS,
  NO_RDNS_DOTCOM_HELO
X-Spam-Score: 9.0
X-Spam-Level: *********
X-Spam-Flag: YES
X-Spam-Report: SpamAssassin headers added by tigertech.net. Test details:
  * 0.6 HTML_WEB_BUGS BODY: Image tag intended to identify you
  * 0.5 HTML_20_30 BODY: Message is 20% to 30% HTML
  * 1.5 HTML_IMAGE_ONLY_04 BODY: HTML: images with 200-400 bytes of words
  * 3.0 NO_RDNS_DOTCOM_HELO Host HELO'd as a big ISP, but had no rDNS
  * 3.0 FORGED_RCVD_NET_HELO Host HELO'd using the wrong IP network
  * 0.5 FORGED_YAHOO_RCVD 'From' yahoo.com does not match 'Received' headers

This message received a SpamAssassin score of 9 for the six different reasons shown. The reasons are often technical: in this case, for example, most of the score was due to the spammer's computer impersonating Yahoo.com. In our experience, a message with a score of 7 or more is almost always spam. If your mail program allows it, one option to consider is a rule that looks for messages containing at least seven asterisks in the "X-Spam-Level:" header and files them in a "Spam" folder.

How can I use SpamAssassin scores in Webmail?

You can use the SpamAssassin scores to filter probable spam using Webmail filtering rules. (This creates a simple Sieve email filter behind the scenes.)

First of all, create a folder called something like "Spam" if you haven't already done so:

  1. In Webmail, click Settings at the top
  2. Click Email Account in the left column
  3. Click the Manage Folders tab
  4. Create a folder named “Spam”

Then add a filtering rule:

  1. Click Settings at the top
  2. Click Email Account in the left column
  3. Click the Filters tab
  4. Click Add Filter
  5. Create a rule where the “X-Spam-Level” header contains *******. It should look like this:
[screen shot of the filter rule]

After you create the rule, click Save.

This rule will make our mail servers examine any new messages to see if they have a SpamAssassin score of 7 or more (because those messages have seven or more asterisks in an "X-Spam-Level" header). If you want to make it more sensitive, you could use fewer asterisks in the rule (but that may lead to more "false positives").

Remember that SpamAssassin isn't 100% perfect (see the next section for details about that), so be sure to glance at the contents of the "Spam" folder every so often.
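
For readers who process mail with their own scripts, the following added example (not part of our service's code) parses the sample headers shown earlier and applies the same seven-asterisk rule described in this section. The function names are hypothetical, and the `score=` alternative is included on the assumption that some SpamAssassin versions write `score=` where the sample shows `hits=`.

```python
import re
from email import message_from_string

# Constructed input: the sample headers from this page, as one raw message.
SAMPLE = """\
X-Spam-Status: Yes, hits=9.0 tagged_above=-999.0 required=7.0
  tests=FORGED_RCVD_NET_HELO, FORGED_YAHOO_RCVD, HTML_20_30,
  HTML_IMAGE_ONLY_04, HTML_MESSAGE, HTML_WEB_BUGS,
  NO_RDNS_DOTCOM_HELO
X-Spam-Score: 9.0
X-Spam-Level: *********
X-Spam-Flag: YES
X-Spam-Report: SpamAssassin headers added by tigertech.net. Test details:
  * 0.6 HTML_WEB_BUGS BODY: Image tag intended to identify you
  * 0.5 HTML_20_30 BODY: Message is 20% to 30% HTML
  * 1.5 HTML_IMAGE_ONLY_04 BODY: HTML: images with 200-400 bytes of words
  * 3.0 NO_RDNS_DOTCOM_HELO Host HELO'd as a big ISP, but had no rDNS
  * 3.0 FORGED_RCVD_NET_HELO Host HELO'd using the wrong IP network
  * 0.5 FORGED_YAHOO_RCVD 'From' yahoo.com does not match 'Received' headers
"""

def _field(msg, name):
    """Header value with folded lines joined; '' if the header is absent."""
    return " ".join((msg[name] or "").split())

def _num(key, text):
    m = re.search(r"\b(?:%s)=(-?\d+(?:\.\d+)?)" % key, text)
    return float(m.group(1)) if m else None

def parse_spam_headers(raw):
    """Return score details, or None for a message SpamAssassin did not scan."""
    msg = message_from_string(raw)
    status = _field(msg, "X-Spam-Status")
    if not status:
        return None
    report = _field(msg, "X-Spam-Report")
    return {
        "hits": _num("hits|score", status),
        "required": _num("required", status),
        "tests": re.findall(r"[A-Z0-9_]+", status.partition("tests=")[2]),
        "points": {name: float(pts) for pts, name
                   in re.findall(r"\* (-?\d+(?:\.\d+)?) (\w+)", report)},
    }

def files_to_spam(raw, stars=7):
    """The rule above: any X-Spam-Level header contains `stars` asterisks."""
    levels = message_from_string(raw).get_all("X-Spam-Level", [])
    return any("*" * stars in level for level in levels)
```

If you write the equivalent Sieve rule by hand, use the `:contains` match type: with `:matches`, each asterisk is a wildcard rather than a literal character, so the rule would match every message that has the header.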

Why aren’t messages with high SpamAssassin scores completely blocked?

We do block most messages with very high SpamAssassin scores (over 14 for the "Standard Spam Filtering" setting), but we don't block messages with scores lower than that, even when SpamAssassin adds “X-Spam-Status: Yes” and “X-Spam-Flag: YES” headers.

SpamAssassin is fairly accurate in identifying spam that makes it past our blocking filters, but it's not perfect. It can misidentify borderline messages that "look like" spam but really aren't, such as messages from friends sending Viagra jokes, or messages containing legitimate information about prescription drugs, or messages in which the sender's mail server had some sort of technical configuration problem that made it appear that it was "forging" someone else's domain name.

As a real-world example, SpamAssassin adds 1.8 points to the score of a message with a subject that contains only capital letters. Most such messages are spam, even though some aren't. 1.8 points isn't nearly enough for a message to be considered "spam" by itself, but it's remotely possible that an unlucky combination of several such things can give a perfectly innocent message a high SpamAssassin score.

So SpamAssassin can very occasionally lead to "false positives". For example, we estimate that one message out of a thousand that scores 7 SpamAssassin points is actually not spam (although it will usually be mailing list mail that "looks like" spam, not personal mail). Our initial blocking filters have higher standards than that — we aim for less than one false positive per million messages blocked — so we don't block messages with a score of 7 outright.

Most people who want to filter mail with high SpamAssassin scores will want to at least glance at the sender and subject of each message before deleting it. Customers usually use the “X-Spam-Status”, “X-Spam-Flag”, and/or “X-Spam-Level” headers to filter SpamAssassin-tagged messages into a “Spam” folder of their mail program, where they can look through them if they suspect they’re missing a legitimate message. We have pages explaining how to do this in Webmail (above), and also in Mozilla Thunderbird and Microsoft Outlook.

How can I get more information about SpamAssassin?

For more information about SpamAssassin, including descriptions of what a high score actually means, see the SpamAssassin website.