We Are Hiring

How SendGrid Found the SpamAssassin Y2K10 Rule Bug


Posted on

One of the many things SendGrid does on the backend to determine if a user is having deliverability problems is scan the content through multiple enterprise spam filters multiple times per day for every user.  Some of the filters include Postini, CloudMark, Brightmail, IronPort, Barracuda, Mail Foundry, and SpamAssassin.  These filters are additional filters from our delivery monitory to ISPs such as Hotmail, Yahoo, Gmail, and AOL.  In the last couple of days we noticed that a lot of legitimate emails were triggering the SpamAssassin filter.  The following shows how our graph looks like:

Content test

Content test

After some research we found the following on the SpamAssassin’s website:

Versions of the FH_DATE_PAST_20XX rule released with versions of Apache SpamAssassin 3.2.0 thru 3.2.5 will trigger on most mail with a Date header that includes the year 2010 or later.  The rule will add a score of up to 3.6 towards the spam classification of all email.

The default threshold for SpamAssassin to consider an email as SPAM is 5.0.  Unfortunately, it is easy for SpamAssassin to give some messages a score of at least 1.4 so a lot messages were being marked as SPAM.  We have updated our SpamAssassin rules but expect ISPs that rely on SpamAssassin that have not updated their rules to give a lot of false positives.  We encourage systems administrators to update their rules ASAP.

Once we work out some interface issues, we will be releasing the tool shown above to all users so they can also see this data and run tests on-demand.  This will allow users to test their email content before deploying it into production and/or get notifications when an issue occurs.  This is one of the many features and integrations we are working on that will provide better insight on email deliverability to SendGrid’s users.


Carly Brantz is a veteran in the email deliverability space working to make email simple and easy for developers by regularly writing whitepapers, research briefs and blog posts about email, technology and industry trends.

2 thoughts on “How SendGrid Found the SpamAssassin Y2K10 Rule Bug

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>