How to Safelist a Sender or Domain in SpamAssassin

This article explains how to set up SpamAssassin to always allow certain senders.

How to Safelist a Sender or Domain in SpamAssassin

Using its comprehensive set of rules and Bayesian analysis, SpamAssassin catches an impressive amount of spam with hardly any false positives — hardly any. To reduce this number even further, you can safelist certain newsletters, for instance, which tend to be top candidates for being erroneously classified as spam.

To safelist individual addresses or domains in SpamAssassin:

1. Open /etc/mail/spamassassin/local.cf in your favorite editor for system-wide safelisting.

   To safelist only for yourself, open ~/.spamassassin/user_prefs.

2. Append whitelist_from_rcvd {address or domain you want to safelist preceded by "*@"} {domain name which must be present in the Received headers}

3. To safelist all email from example.com, for example, type whitelist_from_rcvd *@dotdash.com dotdash.com.

The second parameter of whitelist_from_rcvd, a domain name which must be present in the Received header lines, is some prevention against spammers easily getting past SpamAssassin by using an email address at a commonly safelisted domain.

How to Use Auto Safelisting

SpamAssasin offers plug-ins that let you automate safelisting senders — not necessarily and not only in the manner you would assume, though.

Both the older AWL (AutoWhitelist) and the improved TxRep plug-ins will monitor sending email addresses over time. Based on the reputation so built for addresses, the plug-ins will then adjust the spam score for an individual new message for each sender.

If you received nothing but good mail from an address in the past, for example, just about anything they send now will be treated as good mail; even if they essentially forward a junk email, this message will pass through SpamAssassin unscathed with the help of AWL or TxRep. The sender will essentially be safelisted.

Of course, that latest email will be factored into the sender's reputation for the future, and repeated bad messages can modify it so that the sender is no longer "safelisted."

As a corollary, even the purest email from an address that has sent nothing but spam in the past will be treated as junk with AWL or TxRep enabled for SpamAssassin — with that good message slightly modifying the sender's reputation for the future.

Use SpamAssassin TxRep to Safelist Addresses You Email

The TxRep SpamAssassin plug-in also includes the ability to watch the emails you send and automatically improve the reputation of each recipient address in each outgoing email, effectively safelisting people you email, and especially if you email them repeatedly.

To have TxRep automatically improve the reputation of addresses you email:

1. Make sure the TxRep plug-in is installed for SpamAssassin.

2. Make sure, also, that SpamAssassin is configured to process outgoing mail and that your email programs are configured to send through the local SMTP server (which allows SpamAssassin to process that mail).

3. Open /etc/mail/spamassassin/local.cf in your favorite editor for system-wide safelisting.

   To safelist only for yourself, open ~/.spamassassin/user_prefs.

4. Add or edit the txrep_whitelist_out entry to a value from 0 to 200.

   Every time TxRep encounters an email address, it will add txrep_whitelist_out to the sender's reputation score; the value increases over time as you email the same person repeatedly.

5. The default value for txrep_whitelist_out is 10.