Monday, January 12, 2004


To help SpamSieve catch the spam that is circulating right now, I recommend that everyone choose Preferences… from the SpamSieve menu and uncheck the “Honor Habeas headers” checkbox.

Habeas is a service that licenses a haiku to users who agree not to send spam e-mails. The users can then include the following text in their e-mails:

X-Habeas-SWE-1: winter into spring
X-Habeas-SWE-2: brightly anticipated
X-Habeas-SWE-3: like Habeas SWE (tm)
X-Habeas-SWE-4: Copyright 2002 Habeas (tm)
X-Habeas-SWE-5: Sender Warranted Email (SWE) (tm). The sender of this
X-Habeas-SWE-6: email in exchange for a license for this Habeas
X-Habeas-SWE-7: warrant mark warrants that this is a Habeas Compliant
X-Habeas-SWE-8: Message (HCM) and not spam. Please report use of this
X-Habeas-SWE-9: mark in spam to <>.

By default, when SpamSieve sees this text in a message, it assumes that the message is not spam. Why? It used to be a very good indication that the message was good, since Habeas has promised to sue anyone who includes Habeas’s haiku in a spam message. Alas, this no longer seems to be a strong deterrent, and spammers have started including these headers in their messages in order to get through the filters. When you uncheck “Honor Habeas headers,” SpamSieve will treat these messages like all others, which should enable it to catch this latest raft of spam.

10 Comments RSS · Twitter

The only Habeas spam I've seen so far is that stupid V|@gra... one. I got around this by adding a rule against, well, "V|@gra" in the subject line.

I know I have valid emails that use the Habeas headers. Are people seeing other Habeas spams?

That's the only one I've seen so far, but I think it won't be long until it mutates or other spammers start including Habeas headers.

Is the vertical bar in V|@gra considered whitespace? I see it doesn't appear in the corpus.

Yes, and so is @.

A comment on Entourage: When entering the Habeas data there are two columns. In the first, for example, enter "X-Habeas-SWE-1," then enter "winter into spring" in second, then move down to next line & etc. Apparently this isn't mentioned on their site. I'd figured it out back when but a friend hadn't. Makes for a lot of unsightly garbage in header if you paste it all in first column. The Great God Microsoft put that second column there for a reason and other than the fact that it's a pain to copy/paste it works.

All mail I've received with the 'X-Habeas.." headers has been spam.

It will be sad if a good idea like that of Habeas should fail because of these few violators. Habeas is going to sue whoever sent it, not?

How can Habeas be serious about stopping spam when their web page to report violators doesn't ask anything about the original spam email, the sender or the recipient?!? Sure, the form suggests near the bottom to "Please forward the email you received to", but why wouldn't they just include that instead of sending you to some useless form if that's the real way to report violators?!?!? I get the impression they're just a wolf in sheep's clothing!

This is just silly. Why would any non-spammer bother with the Habeas headers? I'm configuring Spamassassin to add 10 points for these headers.

Leave a Comment