Emailology: Avoiding the Assassin

Spurn the SPAM Filter

This is the second entry in our series on SPAM filters: how they work, how to avoid them, and what we can learn from their output. We already covered the Postini filter in our last blog. Now let's get down to the details with SpamAssassin.

SpamAssassin

SpamAssassin is an open source, content-matching SPAM filter released under the Apache License 2.0. It uses a number of different filtering techniques, including DNS-based spam detection, Bayesian filtering, external programs, blacklists and online databases. Luckily for us, it produces a header which we can use to determine how it categorized and scored your email. Here is a SpamAssassin header:

X-Spam-Checker-Version

This header tells us the version of SpamAssassin that was used to evaluate your email. The most current stable release is 3.3.2, which was released on June 16, 2011.

X-Spam-Level

This header summarizes the score that is explained in more detail below. It will display 1 star for every point earned by the email, rounded down. For instance an email with a 3.41 SPAM score will be displayed as:

X-Spam-Status

This header starts by telling you flat out if the message was SPAM or not, then it gives you the exact SPAM score (in this case, -0.4), as well as the threshold above which a message is considered SPAM ("required=5.0"). The default setting for the threshold is 5.0, but some SpamAssassin installations use a more or less aggressive threshold. We use a threshold of 5 in our SPAM testing service. If a message's SPAM score is greater than the threshold, it will be categorized as SPAM. Check out the example below:

Notice that it comes in the format: X-Spam-Status: [YES/NO], score=[YOUR SCORE] required=[SCORE>THIS NUMBER=SPAM] tests=[LIST OF TESTS HERE]. In this case, the email's SPAM score was -0.4, and the threshold was set at the default 5.0. Because -0.4 is less than 5.0, this message is not SPAM.

The X-Spam-Status header will also give you a list of the tests that have been performed on the email, which can help you diagnose why a message might be considered SPAM. In this case, the tests performed on the email were:

Not sure what those mean? Check out the X-Spam-Report for more details on each test.

X-Spam-Report

The X-Spam-Report breaks down the tests performed for you. The point value of each test is listed on the left. Tests with a negative point value result increase the legitimacy of your email, and tests with a positive result decrease your legitimacy. The X-Spam-Report looks like this:

As you can see, the name of each test is in all caps, followed by a short description of what that test looks for. SpamAssassin is capable of performing hundreds of different tests, so how can you know what you should avoid? Check out our Top Five, below!

Top Five Ways to Avoid the Assassin

1. Dear ______ - This little doosey is easy to avoid, but it will net you 2.7 SPAM points from SpamAssassin. That puts you half-way to the SPAM box already.
2. LOOK AT ME! - Using all caps in your subject is like shouting through email. SPAM filters don't like it, and neither does anybody else. Don't use all caps, or use it sparingly.
3. All Pics, No Words - Emails with lots of pictures and almost no words are often used by spammers to avoid the filters, which is why filters are now sensitive to it. Include a plain-text version of your email and you should be fine.
4. Extra Inches, Cheap Meds! - Phrases that you see commonly in SPAM messages get higher and higher spam scores with filters like SpamAssassin. Even if you're talking about getting some extra inches of reach with your product, the GrabExtender, you're going to get flagged. Find another way to say things like this and you should be fine.
5. Free Stuff! - The word "free" is dangerous to use in email subjects because of its popularity with spammers. Try replacing this with "complimentary" or a similar synonym.

If you'd like to learn more about what triggers SpamAssassin's ire, check out their extensive list right here.