Login

Please login to Techworld.com

Forgot password?
Need your new account confirmation email resent?
Forgot email?

Not a member yet?

Register for a Techworld Account and enjoy unlimited access to our extensive white paper library and exclusive Enterprise multi-user software trials. Account members can also comment on articles and access best practices guides.

Security

Top How-Tos / Advice articles

SpamAssassin '2010' bug blocked email across world

New Year email marked as spam.

By John E Dunn | Techworld | Published: 15:46, 06 January 2010

If you sent an email in the first few hours of 2010, there is a chance that it never reached its recipient thanks to an embarrassing ‘2010' bug buried in the open source SpamAssassin anti-spam engine used by many Internet Service Providers.

According to a UK-based techie who first blogged on the issue, the fault lies with the ‘FH_DATE_PAST_20XX' rule used in conjunction with many others by the program to score the likelihood of an email being spam. This assigns an especially high score to any email it encounters that has within its header a date beyond a defined point in the future, normally a reliable sign that the email in question is suspicious.

Unfortunately, due to an oversight this rule was not updated in compiled versions of Apache SpamAssassin 3.2.0 thru 3.2.5 in time for the turning of the year, and so any email sent with a sending date between 2010 and 2099 would have had the higher score applied to it automatically.

Although this on its own would be unlikely to have stopped an email, it is likely that the number of false positives would have increased dramatically until service providers noticed the issue. Non-packaged versions of SpamAssassin would not have been affected, though only a small minority of users download the software in this form.

It is impossible to say how many emails were affected, but reports have emerged of false positives in Sweden, Germany, and The Netherlands. According to Daniel Axsäter, CEO of Swedish open source anti-spam company CronLab, the effects of the bug would have been global, affecting every country from the point it crossed the date line.

"Almost all ISPs use the standard rule set with some modifications," he said, describing the problem as probably having affected providers for anything from minutes and hours to days in some cases.

According to Axsäter, the lessons were that providers should update filters regularly, archive spam for a period of a month or more in case of problems, and offer end users a mechanism to check their filtered emails for false positives. All of these techniques were used by his company.

"Customers should simply not accept having their emails deleted if suspected as spam, but rather have them stored for a while so the ISP can do further analysis on the emails," he said. "ISPs and filtering providers need to up their game."

SpamAssassin issued a fix rapidly once it had been made aware of the problem, with advice offered from a help page on its website.

For ordinary users who worry that they might have been affected, but without a spam review report to check, the solution will have to be more basic - hit the resend button.

Send to a friend

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.