SpamAssassin headers now added to some whitelisted messages

One of the features of our e-mail system is that we add SpamAssassin headers to most incoming mail, as described on our SpamAssassin page.

Until now, we didn’t add SpamAssassin headers to messages that were “whitelisted” because they appear to be from someone you’ve sent a message to.

In recent years there’s been an increase in forged spam claiming to be from addresses you know, though, often because the other person’s address book has been stolen by a virus. Because of that, it can be useful to see SpamAssassin results even for these whitelisted messages, and we’ve changed our mail system to add SpamAssassin headers to them as well.

This doesn’t change the fact that we won’t reject these whitelisted messages, regardless of their SpamAssassin score. The only change is that we now add SpamAssassin headers, allowing customers who want to examine the SpamAssassin score to do so. Customers won’t notice any change unless they have their own systems to examine the SpamAssassin headers.

Erroneously high SpamAssassin scores (resolved)

One of the features of our e-mail system is that we add SpamAssassin headers to incoming mail that isn’t whitelisted, as described on our SpamAssassin page.

A bug in the SpamAssassin software caused SpamAssassin scores to be incorrectly calculated for the first few days of this year: the scores were higher than they should have been.

We don’t use SpamAssassin scores as part of our spam filtering system, so this doesn’t affect most of our customers at all. However, some customers may have added custom rules to their mail programs that examine the SpamAssassin headers. If you do that, and you’ve directed high-scoring messages into a spam folder in your mail program that you don’t usually look at, you should look at all messages received between January 1 and the morning of January 6 to verify that they are actually spam.

Just so it’s clear, this bug affected everyone using SpamAssassin with any ISP or hosting company, not just our customers. That said, this bug unfortunately persisted on some of our servers for longer than it should have done, due to a technical issue with the way Debian Linux distributes SpamAssassin updates. We apologize for any problems this caused our customers; the problem was resolved on all servers early today.