I've been using SpamAssassin for at least 15 years and it's sadly gotten less useful as the spam arms race has moved on. We regularly see people on here post about deliverability issues with Gmail/Outlook but the truth is that sender reputation is by far the biggest indicator of whether a message will be spam - these type of rules are just counting deckchairs on the titanic in comparison.<p>And this plays into the strengths of the big mail networks in detection. It's a bonus to them that every time they block a smaller host there is a good chance that sender will consider a move to office365 or Google Workspace for their mail.<p>As an aside, not sure if OP is related to them but updown.io is a nice service and I appreciate the simple PAYG pricing! For what it's worth their mails seem to get through successfully to me too.<p>Also for those facing mail delivery issues (or just practicing good email hygiene) - I recommend www.mail-tester.com - they give you an email address to send a mail to and carry out a heap of tests - including checking against SpamAssassin + blacklists, SPF/DNS/etc testing.
I love the analysis. But I hate that the 'fixed' email ends up being wordier for no reason at all.<p>Brevity has value. Having to bloat content (an email to get past anti-spam; a cooking blog to rank better within Google SEO; ...) brings back memories of high-school english papers, or the modern equivalent ChatGPT.
Putting your outbound emails through SpamAssassin as part of a regression test sounds like a really good idea - would have never thought of doing that myself!
Having the rules public seems to take away most of the benefits...<p>Any smart spammer will just tweak his spam to not hit these rules... And if he hasn't, it's because the vast majority of people don't use SpamAssassin
I tried using SpamAssassin (via Proxmox Mail Gateway, which makes it much easier to set up) to replace a Barracuda email appliance (it was destined to get a *6x* service price increase in 2024!), and after several months of trying to get the number of FPs down, I gave up.<p>The problem wasn't just the number of FPs (which were much higher than the 'Cuda) -- it was that they came from real people, who were often common senders. This is not corporate email, or anything that was even remotely spam (except as SA's crazy ruleset determined). These all required whitelisting, and it became a real chore for all my users to keep up with all the whitelisting.<p>So back to the Barracuda for another year. It lets a little more spam through, but virtually no FPs. I just couldn't make SA get the same performance, even with many tweaks to the weights and rulesets.
It's been a very long time since I ran a mail server, but for a decade or more I pumped all our outgoing mail through Hashcash because it gave a good boost to the Spam Assassin score. We'd crank it through the largest one, and it would add ~60sec to the mail delivery, unless we had a bunch of outgoing mail, but it was worth it I felt.
I've been using SpamAssassin since, well, forever, in internet terms. My recent facepalm moment was when I noticed that E-mails from the Playdate developer forum (Playdate is a really cool tiny gaming console) land in my spam folder, because anything in the .date domain (and the forum uses play.date as the domain) is assumed to be "dating spam".
I couldn't help but think about mechanistic interpretability research on large neural models reading this — I guess this is what happens when humans do something similar, adding and removing tweaks here and there to better fit this or that case, over a long period of time.
Spamassassin is doing it's job here, and doing a good job!<p>Most spammers and marketing/sales sleezoids never think they are doing anything wrong. They are totally empathy incapable. Or they know they are scum and don't care. Either way.<p>OP talks about adding "invisible text" and other such common spammer tactics to get around some of the rules. Zero self-awareness.<p>At no point did this person ever think "did I do something wrong?". No, it's that shitty Spamassassin!
Some of those highlighted rules, such as using CC or having the string “can help” being used to decide if something is spam or not is so absurd I’ll make sure to never use SpamAssasin.