SpamAssassin '2010' bug blocked New Year's e-mail across world

Due to an oversight, a rule used to score e-mail as to the likelihood of it being spam was not updated in compiled versions of Apache SpamAssassin 3.2.0 thru 3.2.5 in time for the turning of the year

If you sent an email in the first few hours of 2010, there is a chance that it never reached its recipient thanks to an embarrassing '2010' bug buried in the open source SpamAssassin anti-spam engine used by many Internet Service Providers.

According to a UK-based techie who first blogged on the issue, the fault lies with the 'FH_DATE_PAST_20XX' rule used in conjunction with many others by the program to score the likelihood of an email being spam. This assigns an especially high score to any email it encounters that has within its header a date beyond a defined point in the future, normally a reliable sign that the email in question is suspicious.

[ Learn how to secure your systems with Roger Grimes' Security Adviser blog and newsletter, both from InfoWorld. ]

Unfortunately, due to an oversight this rule was not updated in compiled versions of Apache SpamAssassin 3.2.0 thru 3.2.5 in time for the turning of the year, and so any email sent with a sending date between 2010 and 2099 would have had the higher score applied to it automatically.

Although this on its own would be unlikely to have stopped an email, it is likely that the number of false positives would have increased dramatically until service providers noticed the issue. Non-packaged versions of SpamAssassin would not have been affected, though only a small minority of users download the software in this form.

It is impossible to say how many emails were affected, but reports have emerged of false positives in Sweden, Germany, and The Netherlands. According to Daniel Axster, CEO of Swedish open source anti-spam company CronLab, the effects of the bug would have been global, affecting every country from the point it crossed the date line.

"Almost all ISPs use the standard rule set with some modifications," he said, describing the problem as probably having affected providers for anything from minutes and hours to days in some cases.

According to Axster, the lessons were that providers should update filters regularly, archive spam for a period of a month or more in case of problems, and offer end users a mechanism to check their filtered emails for false positives. All of these techniques were used by his company.

"Customers should simply not accept having their emails deleted if suspected as spam, but rather have them stored for a while so the ISP can do further analysis on the emails," he said. "ISPs and filtering providers need to up their game."

SpamAssassin issued a fix rapidly once it had been made aware of the problem, with advice offered from a help page on its website.

For ordinary users who worry that they might have been affected, but without a spam review report to check, the solution will have to be more basic - hit the resend button.

This story, "SpamAssassin '2010' bug blocked New Year's e-mail across world" was originally published by Techworld.com.

From CIO: 8 Free Online Courses to Grow Your Tech Skills
Join the discussion
Be the first to comment on this article. Our Commenting Policies