SpamAssassin is an open-source project of the Apache Software Foundation. In a corporate setting, usually small to midsized businesses and ISP mail servers, it runs each email message through hundreds of tests that analyze headers, text, and HTML coding and checks domains and IP addresses against DNS (define) blocklists and filtering databases.
When a message flunks a test, it scores anywhere from a fraction of a point to multiple points. If a message scores too many points, SpamAssassin rejects it. But the message can also receive negative points (a good thing) that help offset the unwanted positive points. Check out the list of tests to get a basic understanding of what SpamAssassin checks for.
Though it can reject permission-based messages, SpamAssassin has many positives:
- There's more latitude with content. Using a word such as "free" too often in copy might cost half a point, but the filter won't reject your message outright as some others do.
- If your email is rejected, the ISP or receiving business may provide this detail in a bounce message; not inform you (the sender) at all; or simply insert the word "SPAM" at the beginning of the subject line when the message is delivered to the recipient. In some cases, the receiving entity will return the message with a detailed report showing exactly which tests it violated and how many points it accumulated. (This email can go back to either your reply-to email address listed in the header or your sender address. Make sure somebody monitors those mailboxes.)
- SpamAssassin rewards you if you're listed on an individual or corporate whitelist, or with a reputation or certification agency, such as Habeas, Bonded Sender, or ISIPP's Email Senders Accreditation Program. Habeas accreditation can take 4.3 (for single opt-in) to 8 (for confirmed/double opt-in) points off your score, for example.
A couple negatives, besides the rejection potential:
End users, whether individuals or corporations, can set the maximum score as high or low as they want, although a score of 5 or so is most common. They can also decide which tests to apply. The scores vary according to how SpamAssassin is configured, and users can boost or reduce them if they want.
Also, SpamAssassin penalizes messages more heavily for factors you might not control, such as using open relays or blacklisted IP addresses, or using malformed HTML or MIME coding. If you flunk one of those tests, notify your HTML designer or email service provider (ESP), pronto.
In part two of this column, Kirill Popov and Loren McDonald demonstrate how SpamAssassin works on real copy and how to use it to fine-tune your own email program, both to improve content and increase deliverability. View the examples they give here.
Kirill and Loren provide a couple of strategies to help you use the SpamAssassin tests to tune up your email program the right way:
- Run your email marketing message through a content checker, whether a free or promotional service, third-party solution, or proprietary application provided in your email service provider's solution or in-house software, to spot and correct problems before you hit "send."
- See your email as SpamAssassin does. SpamAssassin breaks messages down into components instead of viewing it as all one piece: headers, subject and sender lines, body content, HTML code, pings on blacklists and whitelists, and so forth. You should adopt this manner of viewing email and work to correct problems in each component, not just the components that affect you most, such as subject line or body content.
- Test your templates. Your primary newsletter or promotional message may not be the only email that gets tangled up in filters. Take all your email templates: company newsletter, sales promotion, order or subscription confirmation, welcome message, complaint response, announcement, and so forth, and run them through the content checker with no body copy or coding beyond what the template requires.
- Use the checker with caution. Checkers provided as a free or promotional service on a company Web site may not be using the latest SpamAssassin version (3.1.0 in 2005), not configured to include the same tests an ISP corporate or individual mail server might use, or not assess the same point penalties.
Bottom line: A zero or low score is reassuring, but it's just a start. Review the content one more time. Check the IP address used to send your message against a blacklist clearinghouse like DNSstuff.com. Monitor your reply mailbox for any filter or block reports.