Hacker News new | past | comments | ask | show | jobs | submit login
Free JSON API to instantly check the spam score of your email messages (postmarkapp.com)
104 points by alexknowshtml on Oct 14, 2011 | hide | past | favorite | 39 comments



If mail goes to spam while using Postmark, it's almost ALWAYS related to the content. So we built this very simply tool to help you test the headers and contents of your emails to make sure that they're scoring as well as possible to go one step further in avoiding the spam folder!

We decided to offer it as a free API to make the world of email just a bit better. We also built a simple single-page scoring tool for anyone to use even if they're not API savvy.

Ideas and feedback are welcome!


The documentation page says:

  > Postmark's spam API is a mostly RESTfull interface to the Spam filter
  > tool SpamAssassin.
  ...
  > This is free to use and may be updated, removed or changed at any time.
If there's nothing particularly proprietary about the setup, it'd be great to open source it and release it as a public Amazon EC2 AMI. That way, others can play around and tweak it and it would remove the dependency on a third-party service of uncertain longevity.


This is great — now I can test my spamminess without needing to have an expert look at it first :)

Update: would be nice to see a legend with the whole scale ratings possible.


The scale is actually just the SpamAssassin score. Usually anything over 5 can cause delivery problems as the SpamAssassin daemon will mark it as spam. keep in mind though that this is configurable and other people's servers can set a different value. but from my experience, five seems to be the average.


Help me out here: What is the target audience?

1) I don't know your app, but ran SA in the past. You can configure the hell out of it. How is this test setup representable for the (that's the thing you want to archive, I guess) spam filter configuration of the final recipient?

2) Aren't you basically offering a way to ~somewhat easily~ avoid being flagged as spam, even for people with dark glasses and the tendency to sell potent drugs over the internet? I somehow think that you're offering a nice test setup to people that want to 'tune' their unsolicited emails first?

No offense intended, I guess I'm just too negative here? Would love to get feedback on those things nevertheless.


Hey Benjamin,

1) This test is representative of our system. I realize that other systems can be set up different with different settings. given that users of the Postmark app send email through us, they might be interested to see what we might consider as spam.

2) The thing is that there are a lot of tests that spamd does that they can't defeat, even if they're aware of them. security by obscurity isn't really how spamd works anyway :)

and no, you're not at all negative. by all means, please feedback at us :)


Thanks for getting back - and looking up my profile is - special. :)

1) Agreed. So it's ~accurate~ really only for recipients that would use your service/the same configuration/classification, right? For everyone else this is an approximation. With a nice api and some UI love, but still.

2) Agreed, a lot of things are unbeatable. But you yourself market this as 'most often the _content_ leads to classification as spam' solution. Everyone can change the content, good guy and bad guy.

I'm not saying that the idea sucks and quite frankly someone involved into a business that sends unsolicited mail should know the deal already, but I still think that you're offering yet another testcase.

Security by obscurity is not the problem, the thing is: Can I create a client for your API that randomly appends/prepends/inserts meaningful text into my crap content and evaluate your opinion on my crap x times per second? You commented elsewhere that you're not keeping my content, so - how are you going to notice this abuse?

Okay, _NOW_ I'm too negative. Still - rate limit that stuff. :)


Thanks a lot. Now I'm going to spend half the evening writing a script to grab random spam out of my gmail and using this API to try and automatically turn spam into ham.

I bet siri can already do this.


I'd expect her to answer with "I'm afraid I can't do that, Oren" - but give it a try and good luck :)


Your heart is at the right place, I have the same skepticism.

But the bad guys have always been one step ahead of the rest. Let's use the same knowledge and tools, and fight on equal grounds.


It could use a short privacy policy. Do you keep the email contents at all - even in a log?


not in the live version, but you're right. I'm adding this to the todo list.


This is very interesting, but I can't figure out how to use this in Bash, when I try:

  xargs -I % curl -X POST "http://sa-api.postmarkapp.com/filter \
   -H "Accept: application/json" \
   -H "Content-Type: application/json" \
   -v \
   -d '{"email":"%", "options":"long"}' \
  <message
It seems contents of my email message file are processed one line at a time, instead of the entire message passed in place of %

I'm using GNU bash, version 4.1.5(1)-release (x86_64-pc-linux-gnu)

EDIT: added indentation to fix display


Please, man xargs if you aren't joking.

EDIT: Sorry if that came off harsh.


No, I'm not joking. I guess I'm just really dense. I've also tried passing -L 100 in addition to -I, but the result is the same.


Why are you using xargs to read to an entire entry? Why not set it as a var and place it in the comment or take it as stdin?


I've also tried this:

   msg=$(cat message)
   curl -X POST "http://sa-api.postmarkapp.com/filter" \
    -H "Accept: application/json" \
    -H "Content-Type: application/json" \
    -v \
    -d '{"email":"'"$msg"'", "options":"long"}'
But sa-api.postmarkapp.com returns "error"... :-(


oh no. I'm sorry! that's the previous url which we moved last minute.

I'm going to go through the doc again to make sure there's nothing else out of place :/


So I see you've updated the doc with a new hostname, but I still get an error, so there's something obviously wrong with my method:

  msg=$(cat message)
  curl -X POST "http://spamcheck.postmarkapp.com/filter" \
    -H "Accept: application/json" \
    -H "Content-Type: application/json" \
    -v \
    -d '{"email":"'"$msg"'", "options":"long"}'

  * About to connect() to spamcheck.postmarkapp.com port 80 (#0)
  *   Trying 184.73.163.218... connected
  * Connected to spamcheck.postmarkapp.com (184.73.163.218) port 80 (#0)
  > POST /filter HTTP/1.1
  > User-Agent: curl/7.21.7 (x86_64-pc-linux-gnu) libcurl/7.21.7 OpenSSL/1.0.0e zlib/1.2.3.4 libidn/1.22 libssh2/1.2.8 librtmp/2.3
  > Host: spamcheck.postmarkapp.com
  > Accept: application/json
  > Content-Type: application/json
  > Content-Length: 5229
  > Expect: 100-continue
  > 
  < HTTP/1.1 100 Continue
  < HTTP/1.1 500 Internal Server Error
  < X-Powered-By: Express
  < Content-Type: application/json
   < Connection: keep-alive
  < Transfer-Encoding: chunked
  < 
  * Connection #0 to host spamcheck.postmarkapp.com left intact
  * Closing connection #0
  {"error":{}}
Wonder if you've got any pointers on how to do this at the shell...


I got it from here: http://spamcheck.postmarkapp.com/doc


nice work. would be a great add-on to have a permalink to the score + results. for example, client asks me to make his HTML newsletter, i cringe, create it, test it and have a link to send him the score when he insists we use SA negative words, and so on.


oh, I like this.

edit: would you want to see the same results, or have it re-run every time the link is loaded? because you could technically just copy paste the report into pastebin…


Probably the results at the time of processing, mainly for the purpose of sharing. Any further processing makes sense to re-run with a new email. That also holds true to the fact you dont store the email contents. Agreed with pastebin, just as easy to email the results as well, however might be a nice feature that comes with some value to the site's purpose.

Enjoying the api, I may work on a little tool using it similar to the feature request. thanks for sharing this with us.


Nice! I have created something similar, called Konstati (http://konstati.co), focusing on email marketers. So far it only tests emails against Spamassassin, providing useful tips about each SA rule (still only in portuguese, though).

I'm currently working on it to support W3C validation, link and image checkers and email previews.


Another tool to use for figuring out spam rules is always helpful. I actually got hit by the Gmail spam filter with my Hacker Newsletter (http://www.hackernewsletter.com) project last week. Checking that specific email in the tool however shows it scored a -0.1. :) So, as with anything... use this resource with care and make sure you do a lot of other testing as well.


My Perl module WWW::Postmark now supports this API. The new version (0.3) should be up on CPAN within a few short hours, as the CPAN servers sync.


Would you consider putting some kind of resource on the site for explaining some of the common results? For example, why the Text to Image ratio matters.

Also, I've tried a few emails: 1 of them ranked a 1.0, 2 of them a 0.4, but all three times the little white dot was in the same position (at about 2:50, if it were the face of a clock). Not sure if thats a bug or not.


SpamAssassin score could be in range from -1 (best) to 25 (worst). 0.4 and 1.0 is almost the same, so it's normal for white pointer to stay on the same position.


Oh, no kidding.

Thanks for that update


The tool is nice but unfortunately it would miss the key spam score components tied to IP reputation.

AWL (auto-white-list) is the most obvious rule, but many actual Spam Assassin installs include plugins that rely on all kinds of 3rd party service.

Is the IP you are checking against the same as IP used to send your transactional emails?


Very cool guys, thanks for providing this. Would love to see some stats along with the service over time.


what kind of stats would you be interested in seeing? how often people's tests result in spam vs ham scores?

because while I can't see what people are testing, given that it's friday afternoon, I'm betting there's a lot of "asdfasdf" going on :)


I'd be curious of stats via the API as well as stats you guys are processing on postmark as well. Not so much to change my life, but an impressive view into the life of a processing system.

Starting with the type of stats you mentions is great... rates at which the API is being called throughout the day overlapped with rates at which that volume is spam.

I could envision a nice looking bar chart (green) for every hour showing the standard volume bell curve ramping up at 6 am and back down around 4pm and then overlayed on that is another set of bars (red) that show how much of that mail was spam, and how much was (orange) ham or something like that.

Would just give a nice pizzaz to the service and by extension postmark I imagine.

I suppose if you throw what I'm saying into a pot and boil it down, I want you guys to become like Akismet. Every WordPress user knows what it is, everyone uses it and when you find yourself in a non-wordpress environment you reach for the Akismet APIs to help you out anyway.

I figure you guys can popularize postmark via a similar route.


I find this API to be "0.0 excellent"

Cool idea, but what do the scores mean?


http://wiki.apache.org/spamassassin/HowScoresAreAssigned


Hmm, cool -- compared my setup to this and figured out I was missing razor -- apt-get install razor and I should be rejecting more spam as we speak ;)


Anyone else have trouble reading the API? There is no contrast between the text and the background.


Thanks for feedback! I already fixed this and it would be deployed soon.


Alternatively:

  apt-get install spamassassin
  cat email.txt|spamc -R




Consider applying for YC's W25 batch! Applications are open till Nov 12.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: