diff --git a/conf/sieve-spam.txt b/conf/sieve-spam.txt
index 6f364fea..bf6bdcef 100644
--- a/conf/sieve-spam.txt
+++ b/conf/sieve-spam.txt
@@ -1,7 +1,6 @@
 require ["regex", "fileinto", "imap4flags"];
 
 if allof (header :regex "X-Spam-Status" "^Yes") {
-  setflag "\\Seen";
   fileinto "Spam";
   stop;
 }
diff --git a/setup/spamassassin.sh b/setup/spamassassin.sh
index 92b46fca..e8db15e9 100755
--- a/setup/spamassassin.sh
+++ b/setup/spamassassin.sh
@@ -30,6 +30,20 @@ hide_output pyzor discover
 # We've already configured Dovecot to listen on this port.
 tools/editconf.py /etc/default/spampd DESTPORT=10026
 
+# Spamassassin normally wraps spam as an attachment inside a fresh
+# email with a report about the message. This also protects the user
+# from accidentally openening a message with embedded malware.
+#
+# It's nice to see what rules caused the message to be marked as spam,
+# but it's also annoying to get to the original message when it is an
+# attachment, modern mail clients are safer now and don't load remote
+# content or execute scripts, and it is probably confusing to most users.
+#
+# Tell Spamassassin not to modify the original message except for adding
+# the X-Spam-Status mail header and related headers.
+tools/editconf.py /etc/spamassassin/local.cf -s \
+	report_safe=0
+
 # Bayesean learning
 # -----------------
 #