SpamAssassin runs many tests against each message, looking for various things that are typical of spam, and assigns various point-values to each test. The point values are added up to come up with a sort of "score" as to how likely this message is to be spam.
That score, along with a report on what tests contributed to that score is added to the mail message. Below you'll see a sample of what the extra info looks like.
X-Spam-Status: Yes, hits=23.8 required=5.0 tests=INVALID_DATE_TZ_ABSURD,SUBJ_HAS_SPACES,TO_MALFORMED, FROM_ENDS_IN_NUMS,COMMUNIGATE,DOUBLE_CAPSWORD, UPPERCASE_25_50,NORMAL_HTTP_TO_IP,DATE_IN_FUTURE_12_24, CTYPE_JUST_HTML version=2.31 X-Spam-Flag: YES X-Spam-Level: Spam-Score=*********************** X-Spam-Checker-Version: SpamAssassin 2.31 (devel $Id: SpamAssassin.pm, v 1.94.2.2 2002/06/20 17:20:29 hughescr Exp $) X-Spam-Report: 23.8 hits, 5 required; * 4.4 -- Invalid Date: header (timezone does not exist) * 4.0 -- Subject contains lots of white space * 1.1 -- To: has a malformed address * 0.4 -- From: ends in numbers * 2.6 -- BODY: Communigate is SPAM software * 1.1 -- BODY: A word in all caps repeated on the line * 1.9 -- BODY: message body is 25-50% uppercase * 3.3 -- URI: Uses a dotted-decimal IP address in URL * 3.3 -- Date: is 12 to 24 hours after Received: date * 1.7 -- HTML-only mail, with no text version
SpamAssassin considers scores of 5.0 or higher to be spam, and includes
a YES in the X-Spam-Flag line in that case.
However, you can choose the cutoff threshold yourself by basing your filter
on the X-Spam-Level line, which represents the number of
points assigned to the message as a string of asterisks (*)
So for example, if you wanted to act on message that score 7 or higher,
you could set your filter to look for Spam-Score=*******
somewhere in the message header. If you want to raise the threshold, add
more asterisks, if you want to lower the threshold, use fewer asterisks.
