
SPAM Filter Series: Avoiding the Assassin

Posted December 6, 2012 by Geoff Phillips


Spurn the SPAM Filter

This is the second entry in our series on SPAM filters: how they work, how to avoid them, and what we can learn from their output. We already covered the Postini filter in our last blog. Now let's get down to the details with SpamAssassin.

SpamAssassin

SpamAssassin is an open source, content-matching SPAM filter released under the Apache License 2.0. It uses a number of different filtering techniques, including DNS-based spam detection, Bayesian filtering, external programs, blacklists and online databases. Luckily for us, it produces a header which we can use to determine how it categorized and scored your email. Here is a SpamAssassin header:

X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on JetWeb
X-Spam-Level:
X-Spam-Status: No, score=-0.4 required=5.0 tests=ALL_TRUSTED,AWL,DKIM_SIGNED,
       DKIM_VERIFIED,HTML_MESSAGE,URIBL_BLACK autolearn=disabled
       version=3.2.5
X-Spam-Report:
       * -1.4 ALL_TRUSTED Passed through trusted hosts only via SMTP
       * -0.0 DKIM_VERIFIED Domain Keys Identified Mail: signature passes
       * verification
       * 0.0 DKIM_SIGNED Domain Keys Identified Mail: message has a
       signature
       * 0.0 HTML_MESSAGE BODY: HTML included in message
       * 2.0 URIBL_BLACK Contains an URL listed in the URIBL blacklist
       * [URIs: websitehere.com]
       * -0.9 AWL AWL: From: address is in the auto white-list

X-Spam-Checker-Version

This header tells us the version of SpamAssassin that was used to evaluate your email. The most current stable release is 3.3.2, which was released on June 16, 2011.

X-Spam-Level

This header summarizes the score that is explained in more detail below. It will display 1 star for every point earned by the email, rounded down. For instance, an email with a 3.41 SPAM score will be displayed as:

X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on JetWeb
X-Spam-Level: ***

X-Spam-Status

This header starts by telling you flat out if the message was SPAM or not, then it gives you the exact SPAM score (in this case, -0.4), as well as the threshold above which a message is considered SPAM ("required=5.0"). The default setting for the threshold is 5.0, but some SpamAssassin installations use a more or less aggressive threshold. We use a threshold of 5 in our SPAM testing service. If a message's SPAM score is greater than the threshold, it will be categorized as SPAM. Check out the example below:

X-Spam-Status: No, score=-0.4 required=5.0 tests=ALL_TRUSTED,AWL,DKIM_SIGNED,
       DKIM_VERIFIED,HTML_MESSAGE,URIBL_BLACK autolearn=disabled
       version=3.2.5

Notice that it comes in the format: X-Spam-Status: [YES/NO], score=[YOUR SCORE] required=[SCORE>THIS NUMBER=SPAM] tests=[LIST OF TESTS HERE]. In this case, the email's SPAM score was -0.4, and the threshold was set at the default 5.0. Because -0.4 is less than 5.0, this message is not SPAM.

The X-Spam-Status header will also give you a list of the tests that have been performed on the email, which can help you diagnose why a message might be considered SPAM. In this case, the tests performed on the email were:

ALL_TRUSTED,AWL,DKIM_SIGNED,DKIM_VERIFIED,HTML_MESSAGE,URIBL_BLACK

Not sure what those mean? Check out the X-Spam-Report for more details on each test.

X-Spam-Report

The X-Spam-Report breaks down the tests performed for you. The point value of each test is listed on the left. Tests with a negative point value increase the legitimacy of your email, and tests with a positive point value decrease it. The X-Spam-Report looks like this:

X-Spam-Report:
       * -1.4 ALL_TRUSTED Passed through trusted hosts only via SMTP
       * -0.0 DKIM_VERIFIED Domain Keys Identified Mail: signature passes
       * verification
       * 0.0 DKIM_SIGNED Domain Keys Identified Mail: message has a
       signature
       * 0.0 HTML_MESSAGE BODY: HTML included in message
       * 2.0 URIBL_BLACK Contains an URL listed in the URIBL blacklist
       * [URIs: websitehere.com]
       * -0.9 AWL AWL: From: address is in the auto white-list

As you can see, the name of each test is in all caps, followed by a short description of what that test looks for. SpamAssassin is capable of performing hundreds of different tests, so how can you know what you should avoid? Check out our Top Five, below!
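
The headers above can also be read programmatically. This added example (not code from the original post or from SpamAssassin; the function names are its own) parses the article's sample into verdict, score, threshold and per-rule points. It also lists which rules added points and reports the gap between the report's sum (-0.3 here) and the stated score (-0.4) rather than assuming they match exactly.

```python
import math
import re

# Headers copied from the article's SpamAssassin 3.2.5 sample (folded lines kept).
SAMPLE = """\
X-Spam-Level:
X-Spam-Status: No, score=-0.4 required=5.0 tests=ALL_TRUSTED,AWL,DKIM_SIGNED,
       DKIM_VERIFIED,HTML_MESSAGE,URIBL_BLACK autolearn=disabled
       version=3.2.5
X-Spam-Report:
       * -1.4 ALL_TRUSTED Passed through trusted hosts only via SMTP
       * -0.0 DKIM_VERIFIED Domain Keys Identified Mail: signature passes
       * verification
       * 0.0 DKIM_SIGNED Domain Keys Identified Mail: message has a
       signature
       * 0.0 HTML_MESSAGE BODY: HTML included in message
       * 2.0 URIBL_BLACK Contains an URL listed in the URIBL blacklist
       * [URIs: websitehere.com]
       * -0.9 AWL AWL: From: address is in the auto white-list
"""

def parse_spam_headers(raw):
    """Return verdict, score, threshold, test names and per-rule points."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", raw)  # join folded header lines
    hdr = {k.strip().lower(): v.strip() for k, _, v in
           (ln.partition(":") for ln in unfolded.splitlines())}
    m = re.search(r"^(Yes|No),\s*score=(-?[\d.]+)\s+required=(-?[\d.]+)"
                  r"\s+tests=(.*?)(?:\s+\w+=|$)", hdr.get("x-spam-status", ""), re.I)
    if not m:
        raise ValueError("no parsable X-Spam-Status header")
    # Report lines that carry a score look like "* <points> <RULE_NAME> <text>".
    rules = {name: float(pts) for pts, name in re.findall(
        r"\*\s+(-?\d+\.\d+)\s+([A-Z][A-Z0-9_]+)\b", hdr.get("x-spam-report", ""))}
    return {"is_spam": m.group(1).lower() == "yes", "score": float(m.group(2)),
            "required": float(m.group(3)),
            "tests": [t.strip() for t in m.group(4).split(",") if t.strip()],
            "rules": rules}

def level_stars(score):
    """X-Spam-Level as the article describes it: one star per whole point."""
    return "*" * max(0, math.floor(score))

def audit(parsed):
    """Rules that added points, tests with no report line, and rounding drift."""
    rules = parsed["rules"]
    raised = sorted(((n, p) for n, p in rules.items() if p > 0), key=lambda x: -x[1])
    missing = sorted(set(parsed["tests"]) - set(rules))
    drift = round(sum(rules.values()) - parsed["score"], 1)
    return {"raised": raised, "missing": missing, "drift": drift}
```

Calling `audit(parse_spam_headers(SAMPLE))` on the article's sample shows URIBL_BLACK as the only rule that added points.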

Top Five Ways to Avoid the Assassin

  1. Dear ______ - This little doozy is easy to avoid, but it will net you 2.7 SPAM points from SpamAssassin. That puts you half-way to the SPAM box already.
  2. LOOK AT ME! - Using all caps in your subject is like shouting through email. SPAM filters don't like it, and neither does anybody else. Don't use all caps, or use it sparingly.
  3. All Pics, No Words - Emails with lots of pictures and almost no words are often used by spammers to avoid the filters, which is why filters are now sensitive to it. Include a plain-text version of your email and you should be fine.
  4. Extra Inches, Cheap Meds! - Phrases that you see commonly in SPAM messages get higher and higher spam scores with filters like SpamAssassin. Even if you're talking about getting some extra inches of reach with your product, the GrabExtender, you're going to get flagged. Find another way to say things like this and you should be fine.
  5. Free Stuff! - The word "free" is dangerous to use in email subjects because of its popularity with spammers. Try replacing this with "complimentary" or a similar synonym.

If you'd like to learn more about what triggers SpamAssassin's ire, check out their extensive list right here.

Comments

Johnb359
In fact when someone doesn't understand then it's up to other visitors that they will help, so here it takes place. kkdeccakdedc
Posted 05/29/2014
