Using Spam Assassin Tags to Filter Your Mail

for Rice University

What is Spam Assassin?

Spam Assassin is a program that runs on Rice's e-mail servers. It examines each incoming message and computes a "SPAM score" based on a wide range of different criteria. If the score is high enough, it adds a special flag to the headers of the message that you can use to identify it as probable unsolicited commercial e-mail.

How does Spam Assassin work?

I wash my hands of those who imagine chattering to be knowledge...

Kahlil Gibran
"A Handful of Sand on the Shore"

When Rice's e-mail servers receive a message, Spam Assassin compares the message to its database of different SPAM criteria. Spam Assassin produces a numerical score based on those criteria. If the score is higher than a threshold value, Spam Assassin adds headers like these to the message:

X-Spam-Status: Yes, hits=15.6 tagged_above=4.0 required=6.9 tests=BAYES_80,
CLICK_BELOW, DATE_IN_FUTURE_03_06, DCC_CHECK, HTML_50_60, HTML_IMAGE_ONLY_04,
HTML_IMAGE_RATIO_02, HTML_LINK_CLICK_HERE, HTTP_ESCAPED_HOST,
HTTP_EXCESSIVE_ESCAPES, HTTP_USERNAME_USED, MIME_HTML_ONLY, MISSING_MIMEOLE,
NORMAL_HTTP_TO_IP, UNSUB_PAGE, USERPASS
X-Spam-Level: ****************
X-Spam-Flag: YES

If the SPAM score is equal to 5.0 or higher, Spam Assassin adds ***SPAM*** to the beginning of the Subject line, like so:

Subject: ***SPAM*** I Must Be Crazy To Offer Such Low Prices on Tamales
Subject: ***SPAM*** Take a Sugar Pill To Enlarge Your Tamale
Subject: ***SPAM*** AMAZING Tamale Diet Gets Results! Viva los tamales!
Subject: ***SPAM*** Stuff envelopes and make enough to buy a tamale
Subject: ***SPAM*** M00rtgag3 your house to buy more tamales!

How accurate is Spam Assassin?

Accuracy is difficult to judge, since one person's SPAM may be a solicited message for somebody else. Looking at some of the logs the Spam Assassin generates, it appears to catch about 80% of SPAM. The rules that Spam Assassin uses to identify SPAM are updated and weighted differently with each revision of the software, so it will keep up with changes in the nature of incoming SPAM.

Rarely, Spam Assassin will tag a legitimate e-mail that has many SPAM-like characteristics. This case is called a false positive. In those cases, you may need to adjust your filtering rules to automatically pass messages from the affected sender.

How can I filter with Spam Assassin?

Filtering your e-mail with Spam Assassin is easy. Just set-up your mail software to filter on the ***SPAM*** Subject line. For details, see these pages for the following e-mail readers:

Eudora 5.2 & 6.1 (PC, Mac)
Netscape 7 and Mozilla (PC, Mac, other platforms)
Outlook 2000/XP (PC)
Outlook Express (PC, POP protocol only)
Microsoft Entourage (MacOS X)
Apple Mail (MacOS X)
pine (UNIX command line)

If you use a departmental server (ECE, BIOC, CS and others), you can also use the filtering utilities available from your UNIX command line, like procmail. Consult your system admin for complete details, but you can find a very simple procmail tutorial here.

If you use our RUF/Owlnet central mail system with webmail (TWIG or IMP), or if you use Outlook with IMAP filtering and our central mail system, then you must use a web-based filter to take advantage of the Spam Assassin filter. Go to www.mail.rice.edu to set-up a filter on the web.

Rick Russell, rickr@rice.edu
2003-06-18