SpamAssassin bug leads to blocking of legitimate emails

False positive rate lifted dramatically.

A bug in SpamAssassin over the New Year led to many emails incorrectly being flagged as spam and blocked.

Daniel Axsäter, chief executive officer of CronLab, claimed that this was a fairly serious incident that was causing problems for the email filtering community. He explained that many filtering companies and internet service providers use SpamAssassin as a base but create their own rules and/or use third-party blacklists.

However, he said that the bug, which CronLab was able to avoid, was a date stamp bug that made all emails with a date stamp in 2010 more likely to be erroneously flagged as spam.

He said: “If I received an email that was dated 2014 it would sit at the top of my inbox until 2014 and this obviously needs to be prevented. The scoring system in the SpamAssassin rule-set started labelling more emails as ‘spam’. With this erroneous rule in place there could easily be a false positive rate of five to ten per cent rather than the industry norm of less than one in a million.”

He said that changing the rule from emails marked as 2010 to a later date would have prevented the problem. Emails with forged date headers still need to be stopped, but obviously 2010 had stopped being a forged date as of a week ago.

In terms of the impact, Axsäter admitted that there could be a downturn for online companies that rely on newsletters for promotion, as their emails would have been flagged as spam.

“Maybe the newsletter is suspicious and as it comes through it has three points added to it, the rule is to start treating an email as spam at over six points, and this can stop newsletters coming through,” he said.

“Many ISPs and email filtering providers immediately delete all spam and then they can't do a post mortem analysis in a situation like this. Instead we store all spam for 30 days so even if we had been affected by this bug we could have checked the spam over again to have the legitimate emails delivered. This is obviously impossible if you delete all spam straight away.”

“Numerous both large and small ISPs around the world were affected by this bug and lost their clients' emails. Clients should demand more from their ISPs and spam filtering providers; not only should the filters be continuously updated, but spam needs to be stored for a period of time as well.

“In addition to this, borderline spam should be made visible to the end-user through a quarantine to ensure that no real emails are mistakenly caught. By adhering to these three principles we not only avoided this situation, but we even had two further backup plans in place even if the first one failed.”
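The failure mode described above, as an added example (not SpamAssassin's rule or CronLab's code): a date rule keyed to a fixed year pushes a three-point newsletter over the six-point threshold once the calendar reaches that year, while a rule that compares the Date header with the receiving clock still catches the forged 2014 date. The rule score of 3.5, the two-day tolerance, the reading of the rule as "2010 or later", and all function names and sample headers are assumptions.

```python
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

SPAM_THRESHOLD = 6.0   # article: mail is treated as spam at over six points
DATE_RULE_SCORE = 3.5  # constructed; the article does not state the rule's score
CUTOFF_YEAR = 2010     # hard-coded year the article says the rule keyed on
FUTURE_TOLERANCE = timedelta(days=2)  # assumed slack for clock skew and time zones


def parse_date(date_header):
    """Return an aware datetime for a Date header, or None if it cannot be parsed."""
    try:
        sent = parsedate_to_datetime(date_header)
    except (TypeError, ValueError):
        return None
    return sent if sent.tzinfo else sent.replace(tzinfo=timezone.utc)


def static_year_rule(date_header, now):
    """Fixed-cutoff rule: fires for any Date in CUTOFF_YEAR or later, whatever 'now' is."""
    sent = parse_date(date_header)
    return sent is not None and sent.year >= CUTOFF_YEAR


def relative_rule(date_header, now):
    """Clock-relative rule: fires only when Date is well ahead of the receiving clock."""
    sent = parse_date(date_header)
    return sent is not None and sent - now > FUTURE_TOLERANCE


def classify(base_score, date_header, now, rule):
    """Add the date rule's points to the other rules' score and apply the threshold."""
    total = base_score + (DATE_RULE_SCORE if rule(date_header, now) else 0.0)
    return "spam" if total > SPAM_THRESHOLD else "deliver"


# Constructed sample data: receiving clock and three Date headers.
NOW = datetime(2010, 1, 4, 9, 20, tzinfo=timezone.utc)
NEWSLETTER = "Mon, 04 Jan 2010 09:15:00 +0000"   # legitimate, sent minutes ago
FORGED = "Wed, 01 Jan 2014 00:00:00 +0000"       # forged future date
OLD_MAIL = "Wed, 30 Dec 2009 18:00:00 +0000"     # sent before the year rolled over

if __name__ == "__main__":
    for name, header in [("newsletter", NEWSLETTER), ("forged", FORGED), ("old", OLD_MAIL)]:
        print(name, classify(3.0, header, NOW, static_year_rule),
              classify(3.0, header, NOW, relative_rule))
```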

See original article on scmagazineuk.com


Copyright © SC Magazine, US edition