SpamAssassin Y2K10 Bug Causes False Positives Worldwide


Commtouch blogged about a bug in SpamAssassin that affects anyone who uses the open source spam filter and has not upgraded.

"Until the early afternoon of January 1, 2010, SpamAssassin faced a Y2K10 issue. A specific rule checked to see if a message was sent from the future, which could be an indicator of a compromised computer. The parameter stated that messages from 2010 were “from the far future,” inappropriately giving an additional 3.2 points to each message, significantly increasing the message combined score and thus eventually raising the false positive ratio." (source Commtouch blog )

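The failure mode in the quoted description, shown as an added example that is not SpamAssassin's own rule or code: a "sent from the future" check with the year frozen into a pattern, next to one that compares the Date header with the time of the scan. The pattern, the two-day skew tolerance, the function names and the sample headers are constructed assumptions; only the 3.2 score comes from the quote.

```python
import re
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

FUTURE_DATE_SCORE = 3.2  # points the quoted post says the rule added
# Constructed pattern (assumption): any year 2010-2099 counts as "far future".
HARDCODED_FUTURE_YEAR = re.compile(r"\b20[1-9][0-9]\b")
MAX_CLOCK_SKEW = timedelta(days=2)  # assumed tolerance for drift and time zones

# Constructed sample Date headers and scan time, not taken from real mail.
SAMPLE_HEADERS = [
    "Thu, 31 Dec 2009 23:50:00 +0000",  # sent just before the rollover
    "Fri, 01 Jan 2010 09:15:00 +0000",  # legitimate mail on New Year's Day
    "Tue, 01 Jan 2036 00:00:00 +0000",  # genuinely far in the future
]
SCAN_TIME = datetime(2010, 1, 1, 10, 0, tzinfo=timezone.utc)


def score_hardcoded(date_header: str) -> float:
    """Brittle rule: the meaning of "future" is frozen into the pattern."""
    return FUTURE_DATE_SCORE if HARDCODED_FUTURE_YEAR.search(date_header) else 0.0


def score_relative(date_header: str, now: datetime) -> float:
    """Score only when the parsed date is ahead of the scan time."""
    try:
        sent = parsedate_to_datetime(date_header)
    except (TypeError, ValueError):
        return 0.0  # an unparseable date is a separate signal, not "future"
    if sent.tzinfo is None:  # a "-0000" zone parses as naive; treat it as UTC
        sent = sent.replace(tzinfo=timezone.utc)
    return FUTURE_DATE_SCORE if sent - now > MAX_CLOCK_SKEW else 0.0


def compare(headers, now):
    """Return (header, hardcoded score, relative score) for each header."""
    return [(h, score_hardcoded(h), score_relative(h, now)) for h in headers]


if __name__ == "__main__":
    for header, old, new in compare(SAMPLE_HEADERS, SCAN_TIME):
        print(f"{header}  hardcoded={old}  relative={new}")
```

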
I love open source. In many cases it keeps "paid" vendors like us working harder, which is fine with me. The problem is there is no resource to turn to if something is broken. For my customers, I am that resource here. If we get a single false positive, I hear about it, and rightly so. Which is why my number one mission is no false positives.

Paying for spam protection is not fun, but with email being the #1 mission-critical application across all organizations, the cost to keep it clean 365 days a year is worth the small price, IMHO.

( domino-web.maysoft.com )