SpamAssassin
Validity (and before that, Return Path) has long offered access to various bits of reputation data to email users via DNS, primarily utilized via a particular SpamAssassin plugin. Checks include whether or not an IP address is on the Validity Certification whitelist, on the “Validity Safe” (aka Habeas) whitelist, or is on the “Validity RPBL” (Return Path Reputation Network Blacklist). Validity’s Tom Bartel recently posted to the Mailop list indicating upcoming changes/restrictions to that access, and I figured it would be good to pass that along here, to broaden the reach to help those who might miss this on Mailop. He writes: “I wanted to pass along an update regarding coming changes in 2024 to public query access for Validity reputation data in DNS. We’re finalizing implementation of necessary response codes (including in Spam Assassin) to enable this. It’s similar to the Spamhaus DQS changes a while ago. Any questions and/or
Breaking news! Popular open-source spam filter SpamAssassin version 4.0.0 was just released. Find more information in the release notes here. Kevin A. McGrail, Chair Emeritus, Apache SpamAssassin, had this to say about the new version: “The efficacy is much higher, better support for different types of RBLs, DMARC scoring, etc.” Sounds like it’s worth checking out! I know I’ll be testing it shortly. [ H/T: Nicola Selenu ]
Here’s a question that a friend asked me lately: What does the SpamAssassin “HEADER_FROM_DIFFERENT_DOMAIN” rule (“From and EnvelopeFrom 2nd level mail domains are different”) mean? First, we need to understand what they mean by From and Envelope From. In this case, the from address is your visible from address – aka the 5322.From address, and the “EnvelopeFrom” is the 5321.From, aka the return-path or bounce address. The from address you are probably most familiar with. If you’re not familiar with the return path, I’ve blogged about that recently here. What SpamAssassin is warning about here is that these two email address fields have different domain names; they do not match. This lack of domain matching is called a “lack of alignment” and in this instance, the mismatch between these two domains is called a “lack of SPF alignment” — potentially affecting Sender Policy Framework authentication success in the context of DMARC. If your…
It’s always good to check your email messages against the popular and free SpamAssassin spam filter (maybe even using my KBXSCORE tool?) to try to minimize your spam score. But sometimes the results can be cryptic, or you get a quite unexpected result. Understanding SpamAssassin’s feedback can sometimes be a bit of a challenge. You get a list of scoring keywords and perhaps a sentence or two about what each one means. But what if you need more? Check out what Deliverability Consultant Nicola Selenu has put together over on his Top Deliverability website: A list of all the SpamAssassin rules, with detailed descriptions and little code snippets showing you what words and tags the filter is often looking for! This is something that I’m definitely bookmarking for future reference. Thanks, Nicola, for compiling and sharing this! It might not make every single spam filter rule easier to understand, but more data leads…
I was just testing an email for a friend of a friend. Part of that testing involved running the email through my KBXSCORE checker. It came back with very few issues; most of the header bits are configured properly and the email is fully authenticated. But I had a weirdly higher-than-expected SpamAssassin score, and when I looked at what rule caused the score to spike, it was this one: PDS_OTHER_BAD_TLD. This particular SpamAssassin rule is meant to warn users of “untrustworthy TLDs” (top level domains) like, for example, .click. Meaning that the makers of SpamAssassin believe that linking to a “dot click” domain is a spam sign. But this email didn’t link to a “dot click” domain. Or did it? I couldn’t see it at first, but then I went through the text version with a fine-tooth comb and here’s what I saw (slightly redacted): Thank you for subscribing to receive emails from…
SpamAssassin is a mature, widely-deployed open source project that serves as a mail filter to identify Spam. SpamAssassin uses a variety of mechanisms including header and text analysis, Bayesian filtering, DNS blocklists, and collaborative filtering databases. SpamAssassin runs on a server, and filters spam before it reaches your mailbox. SpamAssassin works by “scoring” each e-mail […]