Don’t call me DOM

29 July 2004

Fake SpamAssassin headers

Although my anti-spam setup works fairly well, I had been surprised over the past months (apparently starting at the end of May) to get some obvious spam (e.g. with ‘Valium’ in the subject) going through it without problems. Only today did I realize that this was because the mails were not checked by my SpamAssassin, but (supposedly) by a SpamAssassin on popular free Web-based email services (e.g. Yahoo or Hotmail); that is, they included the following headers:

X-Spam-Checker-Version: SpamAssassin 2.60-spambr_20030926a on popular_mail_service.com
X-Spam-Level:
X-Spam-Status: No, hits=-5.9 required=5.0 tests=AWL,NO_REAL_NAME autolearn=no
        version=2.60-spambr_20030926a

Due to the way my SpamAssassin setup works, they were not re-checked when entering my spam filters!

Although this should probably be fixed at a higher level in our mail distribution system, I’ve worked around it with the following procmail rule:

# clean spurious SA headers
:0fw
* X-Spam-Checker-Version: SpamAssassin 2\.60-spambr_20030926a on
| formail -IX-Spam-Status:

I don’t want to remove any previous SpamAssassin header, since our mail setup does set one already that I can trust; but since we’re not using the same version as the one given in the X-Spam-Checker-Version, I’m on the safe side. And after a quick check, these spams amounted to around half of the spams that went through my filters in June, so I should get even better results with my anti-spam setup.

Well, until spammers start upgrading their fake headers, I guess.
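The procmail rule above matches one specific forged version string. The following Python filter is an added example, not part of the original post: it goes a step further and inverts the check, keeping X-Spam-* headers only when the single X-Spam-Checker-Version header names a trusted scanner host, and stripping them otherwise so the local filter scans the message again. The host name `mail.example.org` and the function name are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.policy import default

# Assumption: the trusted upstream scanner identifies itself with this host name.
TRUSTED_HOST = "mail.example.org"
CHECKER_RE = re.compile(r"SpamAssassin \S+(?: \([^)]*\))? on (\S+)")


def strip_untrusted_sa_headers(raw, trusted_host=TRUSTED_HOST):
    """Return (message_text, removed_header_names).

    X-Spam-* headers survive only when exactly one X-Spam-Checker-Version
    is present and it names the trusted host; otherwise all are removed so
    the local filter scans the message again.
    """
    msg = message_from_string(raw, policy=default)
    checkers = msg.get_all("X-Spam-Checker-Version", [])
    if len(checkers) == 1:
        m = CHECKER_RE.fullmatch(str(checkers[0]).strip())
        if m and m.group(1).lower() == trusted_host:
            return raw, []
    # Unknown, missing or duplicated checker: drop every X-Spam-* header.
    removed = sorted({k for k in msg.keys() if k.lower().startswith("x-spam-")})
    for name in removed:
        del msg[name]
    return msg.as_string(), removed


# Constructed sample carrying the forged headers quoted in the post.
FORGED = (
    "From: sender@example.com\n"
    "Subject: Valium\n"
    "X-Spam-Checker-Version: SpamAssassin 2.60-spambr_20030926a on popular_mail_service.com\n"
    "X-Spam-Level: \n"
    "X-Spam-Status: No, hits=-5.9 required=5.0 tests=AWL,NO_REAL_NAME autolearn=no\n"
    "\tversion=2.60-spambr_20030926a\n"
    "\n"
    "body\n"
)

if __name__ == "__main__":
    cleaned, removed = strip_untrusted_sa_headers(FORGED)
    print(removed)
    print(cleaned)
```

A matching checker string is only as trustworthy as the delivery path that added it, so this check belongs after the last hop that is allowed to write X-Spam-* headers.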

4 Responses to “Fake SpamAssassin headers”

  1. Rebuilding The Spam Barrier Says:

    […] mail ISP uses SpamAssassin and the headers are a great guide. (However, I have read reports of bogus SA headers possibly added by […]

  2. Strip SA headers before processing Says:

    […] the net, the only similar instance I could find was from 2004. However, the exim config by that user and by me are very different. I am not sure how to apply it. […]

  3. Strip SpamAssassin headers before processing - Admins Goodies Says:

    […] the net, the only similar instance I could find was from 2004. However, the exim config by that user and by me are very different. I am not sure how to apply it. […]

  4. Strip SpamAssassin headers before processing | eeYogo @ yo' service Says:

    […] the net, the only similar instance I could find was from 2004. However, the exim config by that user and by me are very different. I am not sure how to apply it. […]

Dominique Hazaël-Massieux (dom@w3.org) is part of the World Wide Web Consortium (W3C) Staff; his interests cover a number of Web technologies, as well as the usage of open source software in a distributed work environment.