Techincal Support || Troubleshoot || Additional Software || System Bulletins

SpamAssassin

Internet Channel has been testing anti-spam technologies to help keep the often offensive unsolicited bulk e-mail out of the mailboxes of customers who do not want it.

We have chosen "SpamAssassin" to tag incoming e-mail as to its likelihood of being spam. "SpamAssassin" uses a points system to take many criteria into consideration when determining whether or not a message is spam. When these individual criteria (each is assigned a certain number of points) add up to more than a predetermined number (we default this number to 6) "SpamAssassin" calls the message spam.

"SpamAssassin" only marks the message to indicate its opinion as to whether or not the message is spam. We have configured this marking to be non-visible by default. It adds a few lines of text into the header of the message.

These lines are not normally displayed in most e-mail programs. However most e-mail programs are capable of filtering messages into special folders based on the information in these normally hidden headers. What you do with "SpamAssassin"'s judgment of the message is up to you. We merely provide the tool.

Here is an example of the headers added to a non-spam message:

X-Spam-Status: No, hits=0.6 required=6.0
        tests=SPAM_PHRASE_00_01,X_AUTH_WARNING
        version=2.43
X-Spam-Level:

Here is an example of the headers added to a spam message:

X-Spam-Status: Yes, hits=21.7 required=6.0
        tests=ACT_NOW,CTYPE_JUST_HTML,FORGED_YAHOO_RCVD,
              FORM_W_MAILTO_ACTION,LINES_OF_YELLING,LINES_OF_YELLING_2,
              MAILTO_LINK,MAILTO_TO_REMOVE,MAILTO_TO_SPAM_ADDR,
              MAILTO_WITH_SUBJ,MAILTO_WITH_SUBJ_REMOVE,NO_REAL_NAME,
              OPT_IN,RCVD_FAKE_HELO_DOTCOM,RCVD_IN_OSIRUSOFT_COM,
              SPAM_PHRASE_13_21,SUBJ_REMOVE,TAKE_ACTION_NOW,
              TO_BE_REMOVED_REPLY,TRACKER_ID,UPPERCASE_25_50,
              USER_AGENT_OE,WORK_AT_HOME,X_OSIRU_SPAM_SRC
        version=2.43
X-Spam-Flag: YES
X-Spam-Level: *********************
X-Spam-Checker-Version: SpamAssassin 2.43 (1.115.2.20-2002-10-15-exp)
X-Spam-Report:   21.70 hits, 6 required;
  *  2.2 -- Received contains a faked HELO hostname
  *  1.3 -- From: does not include a real name
  *  0.2 -- X-Mailer header indicates a non-spam MUA (Outlook Express)
  *  2.2 -- BODY: Tells you to 'take action now!'
  *  1.5 -- BODY: Talks about opting in
  *  1.3 -- BODY: Incorporates a tracking ID number
  *  0.7 -- BODY: List removal information   
  *  0.4 -- BODY: Says: "to be removed, reply via email" or similar
  *  0.4 -- BODY: Information on how to work at home (1)
  *  0.3 -- BODY: Act Now! Don't Hesitate!
  *  1.3 -- BODY: Spam phrases score is 13 to 21 (high)
            [score: 20]
  *  0.2 -- BODY: 2 WHOLE LINES OF YELLING DETECTED
  *  0.2 -- BODY: A WHOLE LINE OF YELLING DETECTED
  *  1.2 -- BODY: Includes a form which will send an email
  *  0.2 -- BODY: Includes a URL link to send an email
  *  0.7 -- URI: Includes a link to a likely spammer email address
  *  0.6 -- URI: Includes a URL link to send an email with the subject 'remove'
  *  0.4 -- URI: Includes a link to send a mail with a subject
  *  0.2 -- URI: Includes a 'remove' email address
  *  1.4 -- 'From' yahoo.com does not match 'Received' headers
  *  0.4 -- RBL: Received via a relay in relays.osirusoft.com
            [RBL check: found 84.29.161.200.relays.osirusoft.com., type: 127.0.0.4]
  *  2.7 -- RBL: DNSBL: sender is Confirmed Spam Source
  *  1.3 -- message body is 25-50% uppercase
  *  0.4 -- HTML-only mail, with no text version

We have been running "SpamAssassin" for a few months now in testing and find it to be about 80-99% effective with a very low occurrence of false positives (incorrectly labeling a message as spam when it is actually a legitimate e-mail). Making personal changes to your SpamAssassin preferences can significantly increase the effectiveness and further reduce the possiblity of false positives. However, false positives are possible and you should not throw tagged messages away out of hand. You should first ask yourself how bad it would be for you to discard an important message.

We suggest filtering all tagged messages to a separate quarantine folder. You can either quickly scan the subject and sender of messages in that folder without being subjected to the content of those messages before deciding to view or delete the messages.

Some of the more likely candidates for false positives are:

Off-color jokes because of the words used which are common in pornograph spam.
Messages from certain countries in Asia and South America due to the large number of unsecured computers in these countries which spammers use to relay their messages to users all over the world.
Legitimate marketing messages are sometimes caught due to their use of phrases similar to the verbiage most often seen in spam.

You can configure your e-mail software to act on SpamAssassin's tagging of the messages using the instructions found on this web page.

We provide a mechanism whereby you can adjust the "SpamAssassin" settings for your personal e-mail to reduce the number of false positives and/or increase the effectiveness of "SpamAssassin" for your individual mix of e-mail. In the war against spam, there is no one configuration which will work for all users.

You can adjust your SpamAssassin preferences using this web site.

On the above site you can:

Adjust the required number of points for a message to be tagged as spam.
Set how the message is marked up.
Set whether or not the message should be modified to reduce the likelihood of your mail client automatically running malicious programs inside the message.
Blacklist or whitelist various e-mail addresses as needed to prevent false positives and to catch senders that you think should be caught but are not being caught.