Spamassassin adds paid safe lists which allows spam through

Posted at 7:55:17 AM in Vendors (35)

I've recently seen a lot of SPAM leak through my spamassassin even though they are marked with a high score on the bayes scoring. Here is a typical score from an email from groupon.com for a Steakhouse Dinner to emails that don't exist. Unsolicited advertisement. I think this would easily be classified as SPAM.

X-Spam-Report:
*  4.8 BAYES_99 BODY: Bayes spam probability is 99 to 100%
*      [score: 1.0000]
* -0.3 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact
*      cert-sa@returnpath.net
*      [Return Path SenderScore Certified {formerly]
[Bonded Sender} - <http://www.senderscorecertified.com>]
* -0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at http://www.dnswl.org/, low
*      trust
*      [50.115.210.248 listed in list.dnswl.org]
* -0.2 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact
*      safe-sa@returnpath.net
*      [Return Path SenderScore Safe List (formerly]
[Habeas Safelist) - <http://www.senderscorecertified.com>]
* -0.0 SPF_HELO_PASS SPF: HELO matches SPF record
* -0.0 SPF_PASS SPF: sender matches SPF record
*  0.0 HTML_MESSAGE BODY: HTML included in message
*  0.7 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
*  0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily
*      valid
*  0.1 RDNS_NONE Delivered to internal network by a host with no rDNS
*  0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid
X-Spam-Flag: YES

Senderscore is a paid safe list with no way to report abusers of their service giving the impression that they don't really care. Fine. What bothers me is that spamassassin has bought into this whole heartedly. On the plus side though, spamassassin is customizable, so modifications to the score provided by spamassassin can be adjusted. Spamassassin also doubles up scores from this service, but I have modified the original scoring. If you don't have some kind of score, it will not show in the hit list, so rather than make them zero where'd they'd disappear altogether, I dropped one from -3.0 to -0.3 and the other from -2.0 to -0.2. It's easy to see that such high negative numbers could easily overcome a marginal spam threshold. A -5 would overcome my bayes scoring by itself, then add in the dnswl (which I also modified) and we open the door to allow spam through again.

Written by Leonard Rogers on Friday, May 24, 2013 | Comments (1)