Don’t Route Or Peer (DROP) is an authoritative advisory list designed to block all traffic from specific sources. DROP is a specialized subset of the SBL, optimized for firewalls and routing equipment. The DROP list excludes IP addresses originally allocated to legitimate networks and later reassigned, even if they end up with confirmed spammers. It includes netblocks hijacked or leased by professional spam or cyber-crime operations, typically used to spread malware, trojan downloaders, and botnet controllers. DROP comprises direct allocations from ARIN, RIPE, APNIC, LACNIC, or other Regional Internet Registries, as well as “portable allocations” (PI) from RIPE. Spamhaus strongly advocates the adoption of DROP by Tier-1 and backbone networks. Consulting the DROP list webpage when routing suspicious IPs can avert significant network issues, ensuring a secure and reliable infrastructure.

xtended Don’t Route Or Peer (EDROP) is an enhanced version of the DROP list, addressing netblocks managed by professional spammers and cybercriminals that are not directly allocated. EDROP includes sub-allocated netblocks controlled by malicious entities. Direct allocations are exclusively listed in DROP. EDROP specifically targets sub-allocated netblocks. Spamhaus highly recommends that Tier-1 and backbone networks utilize EDROP. Referring to the DROP list webpage when asked to route suspicious IPs can prevent the onboarding of problematic customers. Since April 2024, EDROP data is integrated into the main DROP list.

The Spamhaus DROP (Don’t Route Or Peer) list features [autonomous system numbers ASNs exploited by professional spam or cyber-crime operations for spreading malware, trojan downloaders, botnet controllers, and more, delivering no legitimate traffic.

Does Spamhaus re-evaluate DROP listings, and if so, how often?

Yes. DROP listings are re-evaluated daily. Various factors can prompt changes to these listings, including interactions with involved parties, detection or notification of false positives, automatic network reassignments, and more.

How can the DROP list be valuable if it’s free?

The DROP list includes IP ranges deemed highly dangerous to internet users, which Spamhaus offers freely to anyone interested. Recognizing the critical importance of this data, Spamhaus ensures the DROP list is accessible to all entities, regardless of size or industry, to safeguard internet users.

What are “hijacked netblocks”?

“hijacked” or “zombie” netblocks are blocks of IP addresses that have been “revived” by a spammer. Here’s how it typically happens: The original owner abandons the block Squatters reclaim it using tactics such as registering an abandoned domain to accept email for the domain contact Some hijackers even steal IP space allocated to others by announcing it under their BGP Autonomous System Number (ASN). Autonomous System Numbers can also be hijacked. Spammers take over abandoned ASNs to announce various IP ranges, resulting in hijacked netblocks advertised by hijacked ASNs These activities allow spammers to exploit abandoned resources for malicious purposes, creating significant challenges for network security. Hijacked netblocks can be discovered within ranges allocated by Regional Internet Registries (RIR). Restoring rightful ownership of a hijacked netblock involves identifying the original owner—often a defunct company—and navigating Regional Internet Registry (RIR) procedures. This is a slow process, yet insufficient for curbing modern spam.

Is DROP Available via DNS Lookups?

Yes, all networks listed in DROP and EDROP are also included in the SBL list. A DNS lookup for SBL and ZEN will return a listed status for these networks. A return code of 127.0.0.9 indicates listings in DROP.

How Do I Remove a Range or ASN from DROP Lists?

To maintain network integrity, ranges in DROP/EDROP are linked to associated SBL records specified in the DROP/EDROP files. Once the relevant SBL record is deleted, the associated ranges automatically exit DROP/EDROP. For removal from ASN DROP, use the Spamhaus IP and Domain Reputation Checker to query the ASN and the steps are outlined there.

Does Spamhaus re-evaluate DROP listings, and if so, how often?

Yes. DROP listings are re-evaluated daily. Various factors can prompt changes to these listings, including interactions with involved parties, detection or notification of false positives, automatic network reassignments, and more.

What is the SpamAssasin score and how to avoid it

How to Avoid Being Filtered by SpamAssassin

07 March 2022

The amount of emails that are spam has declined significantly in the last 10 years, but still represents nearly half of all email sent.

You may not have been aware that it’s that high, and one reason those emails never make it to your inbox is due to email filtering software. Tools like SpamAssassin analyze incoming emails and assign scores, and they are filtered out . Email clients then put these these messages into a spam folder, saving the effort of looking at them.

This is immensely beneficial for the email users, as it helps eliminate everything from unwanted advertising to malicious phishing attempts.

However, for email marketers, this presents a challenge. A lot of email marketing is legitimate and opted in, but can still be flagged as spam, and never seen.

In this article, we explain what SpamAssassin is, and how to prevent being filtered by it.

Source: Statista – Monthly share of spam in the total e-mail traffic worldwide from January 2014 to December 2023

What is SpamAssassin?

SpamAssassin is open-source software, first launched in 2001, and developed by the Apache Foundation, which makes Apache HTTP. Apache is used to serve nearly 1/3 of websites on the internet.

Using an algorithm and analytics to evaluate email content, SpamAssassin determines gives a score based on multiple criteria such as message content and sender reputation.

As free and open-source software, SpamAssasin is widely adopted. It is used by everyone from system administrators to large email platforms, effectively blocking large amounts of global spam messages from ever being seen.

These are some of the criteria that SpamAssasin uses:

Sender’s IP address
Subject line content
Email headers
Use of authentication
Body content
Use of markup languages
Character set used
Message is encoding
Presence on blocklists
DKIM and SPF record configuration
Suspicious links and attachments
Spam related terms
Use of disallowed scripts

What SpamAssassin tests look for

SpamAssassin scans emails and runs tests to look for attributes and patterns associated with spam. There are over 700 tests that SpamAssassin uses to detect spam, and a variety of techniques including Bayesian filtering, blacklists such as Spamhaus, and DNS.

How SpamAssassin scores email

Each individual message gets its own spam score. The lower the score, the better. Anything above 5 is considered spam.

Preliminary scoring is given for each of the hundreds of attributes that SpamAssassin checks. Individual attribute scores are added to give an overall SpamAssassin score.

Negative numbers are actually positive. This indicates the email is unlikely to be spam
0 is neutral
Positive numbers suggest possible spam

The maximum possible score is 10, however, system administrators and mail providers occasionally modify the threshold, setting it either lower or higher than 5. So it is best to stay well below 5.

How to Avoid SpamAssassin

Generally speaking, email that is is not spam should not result in a bad SpamAssassin score. But if your SpamAssassin score is higher than you’d prefer, here are a few suggestions to reduce the score and your likelihood of being filtered out.

Establish a Good Reputation

To be recognized as a legitimate sender, displaying accurate sender information—such as your “from” and “reply-to” addresses—is essential. Ensure your domain has a verifiable IP address that recipients can check to confirm your identity. Sender reputation is established with each email sent and weighs on establishing a history for your domain and IP address. End user engagement with your emails also affects your reputation, while being marked as spam or ignored can have detrimental impact.

Avoid Coding Errors in HTML Emails

HTML errors, such as invalid tags and default titles, can lead to emails being classified as spam. Clean HTML code is essential. Additionally, for HTML emails, include a plain text version for recipients who prefer that format. Avoid invisible text, as it can also trigger spam filters.

Authenticate Emails

Email authentication helps email servers distinguish legitimate senders from scammers. SpamAssassin assesses emails based on SPF (Sender Policy Framework) and DKIM – DomainKeys Identified Mail.

The absence of either can negatively impact your score. Thus, email authentication crucial for maintaining a low SpamAssassin score. DMARC enhances security, it doesn’t directly influence SpamAssasin score, but its use is still recommended for added protection.

Multiple Images in Email Negatively Affect Score

Using one or two images in your email is generally acceptable, but overuse can be a problem. SpamAssassin flags emails that are primarily composed of images. While this may not drastically alter the score, it does factor in. Minimizing images to less than 40% of an email message by byte size is necessary. Also, it’s necessary to always include alt text in images. Alt text is key to usability and accessibility, and affects reputation.

Language Matters – A Lot

Spam messages tend to use common language, which will trigger filters. Be sure to avoid using spammy language anywhere in the message or title. Some recognizable examples:

“This email is not a spam”
Winner, Win
Save
Weight loss
Profit
Best price
Cheap
No questions asked
Free
Money
Rich
Income
Debt

These are common terms in marketing copy, so if you need to use them, try to find alternate words and language, and use good grammar and writing form.

Be Careful With Links in Emails

Marketing email is all about links. You want conversion, but be careful what you link to. The domain reputation of sites you link to will affect your own. If you are linking out to sites that are blacklisted as malicious, or scammy, you will be seen as coordinating to drive malicious traffic.

And it isn’t always obvious. Companies that appear legitimate may be on blacklists for poor security or IT practices.

To Summarize

Monitoring your own sender reputation is very useful for understanding and predicting whether your emails will be filtered. Additionally, this can provide useful feedback on whether specific campaigns may have triggered spam filters, to diagnose and avoid in the future.

But enerally speaking, just maintaining good practices and good faith will avoid being flagged as spam.

◼️

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

How to Avoid Being Filtered by SpamAssassin

What is SpamAssassin?

What SpamAssassin tests look for

How SpamAssassin scores email

How to Avoid SpamAssassin

Establish a Good Reputation

Avoid Coding Errors in HTML Emails

Authenticate Emails

Multiple Images in Email Negatively Affect Score

Language Matters – A Lot

Be Careful With Links in Emails

To Summarize

Other Popular Blog Posts

$1.3 billion BEAD Funding Allocated to Louisiana

Where is IPv4 Availability Heading as we Close Out 2024?

CrowdStrike Outage Crashes Microsoft Systems

Get a Free Consultation

Solutions

Services

Buy/Sell IPv4

Resources

Company

What is the SpamAssassin Score?

How to Avoid Being Filtered by SpamAssassin

What is SpamAssassin?

What SpamAssassin tests look for

How SpamAssassin scores email

How to Avoid SpamAssassin

Establish a Good Reputation

Avoid Coding Errors in HTML Emails

Authenticate Emails

Multiple Images in Email Negatively Affect Score

Language Matters – A Lot

Be Careful With Links in Emails

To Summarize

Other Popular Blog Posts

Get a Free Consultation

Solutions

Services

Buy/Sell IPv4

Resources

Company