In this blog post, the author discusses their investigation into why SpamAssassin classifies certain emails as spam, particularly the updown confirmation email. They provide examples of the Spam-Score and delve into their attempts to reproduce the issue locally using SpamAssassin. The author highlights two rules, HTML_IMAGE_ONLY_28 and URI_PHISH, and explains the criteria that result in emails being flagged as spam. They also mention some surprising and clever rules used by SpamAssassin, such as the presence of a tag and the word “cost” preventing an email from being classified as phishing. The author shares their changes to the email to avoid triggering these rules.
https://updown.io/blog/the-funny-rules-of-spamassassin-in-2023