What is SpamAssassin?

Advanced users might notice that the "full headers" of some mail you receive through our Web hosting service include headers named X-Spam-Status, X-Spam-Level, X-Spam-Flag and X-Spam-Report.

The headers are added by a scanner called SpamAssassin that examines most incoming messages that make it past our other spam filters.

(Some messages that are "whitelisted" by our spam filters — because, for example, they come from someone you've previously corresponded with — are not scanned by SpamAssassin at all and therefore won't have any extra SpamAssassin headers.)

How does SpamAssassin work?

SpamAssassin looks at the actual content of each message and assigns it a "spam level" score based on how much it "looks like" spam; for example, messages that mention "Viagra" will receive a higher score than messages that don't.

SpamAssassin adds special "headers" to each message showing the details of the score it calculated. The headers are usually invisible unless you show the "full Internet headers" in your mail program.

You can create rules in most mail programs to sort mail that receives high SpamAssassin scores. For example, our Webmail system and Microsoft Outlook (but curiously not Outlook Express) allow you to create rules based on message headers.

Here are some sample "headers" from a spam message:

X-Spam-Status: Yes, hits=9.0 tagged_above=-999.0 required=7.0
  tests=FORGED_RCVD_NET_HELO, FORGED_YAHOO_RCVD, HTML_20_30,
  HTML_IMAGE_ONLY_04, HTML_MESSAGE, HTML_WEB_BUGS,
  NO_RDNS_DOTCOM_HELO
X-Spam-Level: *********
X-Spam-Flag: YES
X-Spam-Report: SpamAssassin headers added by tigertech.net. Test details:
  * 0.6 HTML_WEB_BUGS BODY: Image tag intended to identify you
  * 0.5 HTML_20_30 BODY: Message is 20% to 30% HTML
  * 1.5 HTML_IMAGE_ONLY_04 BODY: HTML: images with 200-400 bytes of words
  * 3.0 NO_RDNS_DOTCOM_HELO Host HELO'd as a big ISP, but had no rDNS
  * 3.0 FORGED_RCVD_NET_HELO Host HELO'd using the wrong IP network
  * 0.5 FORGED_YAHOO_RCVD 'From' yahoo.com does not match 'Received' headers

This message received a SpamAssassin score of 9 for the six different reasons shown. The reasons are often technical: in this case, for example, most of the score was due to the spammer's computer impersonating Yahoo.com. In our experience, a message with a score of 7 or more is almost always spam. If your mail program allows it, one option to consider is a rule that looks for messages that contain at least seven asterisks in the "X-Spam-Level:" header and files them in a "Spam" folder.

How can I use SpamAssassin scores in Webmail?

You can use the SpamAssassin scores to filter probable spam using Webmail filtering rules. (Note, however, that this method only works properly if Webmail is the only way you read your e-mail: if you read mail on multiple devices, you should probably use the Sieve filtering system instead.)

First of all, create a folder called something like "Spam" if you haven't already done so:

  1. In Webmail, click Preferences
  2. Click Folder Preferences
  3. Click Create / Rename / Delete Folders
  4. Create a folder named "Spam"

Then add a filtering rule:

  1. Click Preferences
  2. Click Message Filters
  3. Click Add New Rule
  4. Create a rule that matches the header "X-Spam-Level: *******". It should look like the picture below.
     [screen shot of the filter rule]

This rule will make Webmail examine any new messages to see if they have a SpamAssassin score of 7 or more (because those messages have seven or more asterisks in an "X-Spam-Level" header). If you want to make it more sensitive, you could use fewer asterisks in the rule (but that may lead to more "false positives").
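The header format shown earlier and the asterisk rule described here can be checked outside a mail program. The Python below is an added example, not code from this page or from SpamAssassin: it unfolds the headers, extracts the score details, and applies the same "at least N asterisks" test. The function names are hypothetical, and the message is constructed from the sample headers above plus a dummy body.

```python
import re
from email import message_from_string

# Constructed message: the sample headers from this page plus a dummy body.
SAMPLE = """\
X-Spam-Status: Yes, hits=9.0 tagged_above=-999.0 required=7.0
  tests=FORGED_RCVD_NET_HELO, FORGED_YAHOO_RCVD, HTML_20_30,
  HTML_IMAGE_ONLY_04, HTML_MESSAGE, HTML_WEB_BUGS,
  NO_RDNS_DOTCOM_HELO
X-Spam-Level: *********
X-Spam-Flag: YES
X-Spam-Report: SpamAssassin headers added by tigertech.net. Test details:
  * 0.6 HTML_WEB_BUGS BODY: Image tag intended to identify you
  * 0.5 HTML_20_30 BODY: Message is 20% to 30% HTML
  * 1.5 HTML_IMAGE_ONLY_04 BODY: HTML: images with 200-400 bytes of words
  * 3.0 NO_RDNS_DOTCOM_HELO Host HELO'd as a big ISP, but had no rDNS
  * 3.0 FORGED_RCVD_NET_HELO Host HELO'd using the wrong IP network
  * 0.5 FORGED_YAHOO_RCVD 'From' yahoo.com does not match 'Received' headers

(body)
"""

def parse_spam_headers(raw):
    """Return score details from the X-Spam-* headers, or None if unscanned."""
    msg = message_from_string(raw)
    status = msg.get("X-Spam-Status")
    if status is None:  # whitelisted mail is not scanned, so it has no headers
        return None
    status = " ".join(status.split())  # unfold the continuation lines
    hits = float(re.search(r"hits=(-?[\d.]+)", status).group(1))
    required = float(re.search(r"required=(-?[\d.]+)", status).group(1))
    names = re.search(r"tests=([A-Z0-9_, ]*)", status).group(1)
    tests = [t for t in names.replace(" ", "").split(",") if t]
    level = (msg.get("X-Spam-Level") or "").strip()
    stars = len(level) if set(level) <= {"*"} else 0  # ignore malformed values
    # Each report line is "* <points> <TEST_NAME> <description>".
    report = {name: float(pts) for pts, name in re.findall(
        r"\*\s+(-?\d+\.\d+)\s+([A-Z0-9_]+)", msg.get("X-Spam-Report", ""))}
    return {"hits": hits, "required": required, "tests": tests,
            "stars": stars, "report": report}

def file_as_spam(raw, min_stars=7):
    """Same effect as a rule matching "X-Spam-Level:" plus min_stars asterisks."""
    info = parse_spam_headers(raw)
    return info is not None and info["stars"] >= min_stars
```

Lowering `min_stars` corresponds to using fewer asterisks in the Webmail rule; a message with no SpamAssassin headers is never filed.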

Remember that SpamAssassin isn't 100% perfect (see the next section for details about that), so be sure to glance at the contents of the "Spam" folder every so often.

Can't you just completely block messages with high SpamAssassin scores?

We do block most messages with very high SpamAssassin scores (over 14 for the "Standard Spam Filtering" setting), but we don't block messages with scores lower than that.

SpamAssassin is fairly accurate in identifying spam that makes it past our blocking filters, but it's not perfect. It can misidentify borderline messages that "look like" spam but really aren't, such as messages from friends sending Viagra jokes, or messages containing legitimate information about prescription drugs, or messages in which the sender's mail server had some sort of technical configuration problem that made it appear that it was "forging" someone else's domain name.

As a real-world example, SpamAssassin adds 1.8 points to the score of a message with a subject that contains only capital letters. Most such messages are spam, even though some aren't. 1.8 points isn't nearly enough for a message to be considered "spam" by itself, but it's remotely possible that an unlucky combination of several such things can give a perfectly innocent message a high SpamAssassin score.

So SpamAssassin can very occasionally lead to "false positives". For example, we estimate that one message out of a thousand that scores 7 SpamAssassin points is actually not spam (although it will usually be mailing list mail that "looks like" spam, not personal mail). Our initial blocking filters have higher standards than that — we aim for less than one false positive per million messages blocked — so we don't block messages with a score of 7 outright.

Most people who use medium-high SpamAssassin scores will want to at least glance at the sender and subject of each message before deleting it. Customers usually filter SpamAssassin-tagged messages into a "Spam" folder of their mail program, where they can look through them if they suspect they're missing a legitimate message.

How can I get more information about SpamAssassin?

For more information about SpamAssassin, including descriptions of what a high score actually means, see the SpamAssassin Web site.