The Problem With SpamAssassin’s AutoWhitelist Feature
I have recently disabled SpamAssassin’s autowhitelist (AWL) feature.
SpamAssassin’s autowhitelist feature keeps a running average of the scores of all past mail from a particular sender (the address in the From: header), and nudges the score of each new message from that sender towards that average. (In SpamAssassin 3 the entry is actually keyed by the sender address together with the first two octets of the originating IP address, so mail from the same address but a different network uses a separate entry.)
Let’s say that joe@email.com sends you a mail that scores 8, and joe’s average score so far is -1. The autowhitelist feature moves the new score halfway towards the average: (8 + (-1))/2 = 3.5, and that becomes the score for the mail. In this example the autowhitelist feature classifies as ham a message that would otherwise have been classified as spam, based on the past history of nonspam from this sender. Conversely, the autowhitelist feature also helps to classify as spam messages that would otherwise have been classified as ham, because it always nudges the score in the direction of the sender’s average.
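To make the arithmetic above concrete, here is a small model of the AWL mechanism as the post describes it: a running mean of past raw scores per sender, with each new score moved halfway towards that mean. This is an added example written for this page, not SpamAssassin’s own code; the 0.5 factor (SpamAssassin 3’s default auto_whitelist_factor), the 5.0 spam threshold, and keying on the sender address alone (ignoring the IP part of the real key) are assumptions of the model. The second scenario shows the reverse failure the Wiki warns about: an entry polluted by old high scores dragging legitimate mail over the threshold.

```python
"""Simplified model of SpamAssassin's auto-whitelist (AWL) scoring.

Added example, not SpamAssassin's own code. Models the post's description:
a running mean of past raw scores per sender, and each new message nudged
toward that mean by a factor. The factor (0.5), the 5.0 threshold and the
address-only key are assumptions of this model.
"""
from dataclasses import dataclass

SPAM_THRESHOLD = 5.0   # assumed required_score
AWL_FACTOR = 0.5       # fraction of the distance to the mean to move


@dataclass
class AwlEntry:
    total: float = 0.0  # sum of raw (pre-AWL) scores seen so far
    count: int = 0

    def mean(self):
        return self.total / self.count if self.count else None


class AutoWhitelist:
    def __init__(self, factor=AWL_FACTOR):
        self.factor = factor
        self.entries = {}

    def score(self, sender, raw_score):
        """Return (adjusted_score, awl_delta) and record raw_score in history."""
        entry = self.entries.setdefault(sender.lower(), AwlEntry())
        mean = entry.mean()
        # First message from a sender: no history, so no adjustment.
        delta = 0.0 if mean is None else (mean - raw_score) * self.factor
        # The raw score, not the adjusted one, is stored, so the entry
        # is never fed its own correction.
        entry.total += raw_score
        entry.count += 1
        return raw_score + delta, delta


def verdict(score):
    return "spam" if score >= SPAM_THRESHOLD else "ham"


def spoofed_sender_scenario():
    """Nine ham messages from joe (raw -1 each), then a spoofed message scoring 8.

    Returns a list of (raw, adjusted, verdict) tuples, constructed input.
    """
    awl = AutoWhitelist()
    history = []
    for _ in range(9):
        adjusted, _delta = awl.score("joe@email.com", -1.0)
        history.append((-1.0, adjusted, verdict(adjusted)))
    adjusted, _delta = awl.score("joe@email.com", 8.0)
    history.append((8.0, adjusted, verdict(adjusted)))
    return history


def polluted_entry_scenario():
    """The reverse case: old high scores (e.g. a past misconfiguration)
    drag a clearly legitimate message (raw 1.0) over the threshold."""
    awl = AutoWhitelist()
    for _ in range(5):
        awl.score("list@example.org", 12.0)
    adjusted, _delta = awl.score("list@example.org", 1.0)
    return adjusted, verdict(adjusted)


if __name__ == "__main__":
    for raw, adj, v in spoofed_sender_scenario():
        print(f"raw={raw:5.1f} adjusted={adj:5.2f} -> {v}")
    print(polluted_entry_scenario())
```

Run it and the spoofed message comes out at 3.5 (ham), exactly the figure in the text; the polluted entry pushes a score of 1.0 up to 6.5 (spam). Note that because the history stores raw scores, one spoofed spam barely moves joe’s average, so the next spoof from the same key is rescued again.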
It’s great when it works. The problem I have with autowhitelist is this: if joe is a legitimate user I get email from all the time (and his messages generally score low), and I suddenly receive a message from joe that scores highly, the chances are that it isn’t because joe himself sent a high-scoring message on this one occasion, but because a spammer sent a spoofed message pretending to be from joe. Just lately, a significant percentage of spam seems to consist of such spoofed email, and in this case the one message in ten from joe that happens to be spam often gets classified as ham.
The SpamAssassin Wiki freely admits that “It IS possible for the AWL to be polluted and cause problems. Generally this is the result of past misconfiguration or scoring problems that have since been fixed, but the AWL retains the old average and causes score problems, pushing things onto the wrong side of the spam/ham threshold line.” I think this says it all.
For all these reasons I have disabled the autowhitelist feature in my user_preferences file (use_auto_whitelist 0).
James,
I’ve noticed that use_auto_whitelist 0 is not accepted by spamassassin version 2. You can see that if you do spamassassin --lint.
Comment by tosh — March 13, 2006 @ 8:19 am
Thanks. This does appear to be a new option introduced in v3.
It looks like auto_whitelist has to be disabled globally in v2 by removing the “-a” in the call to spamassassin (or via the SPAMDOPTIONS variable in the startup script).
Best,
James
Comment by James Stephens — March 13, 2006 @ 8:50 am