One reader of this newsletter recently let me know how SpamAssassin has been effective in stopping a large percentage of the spam his company\u2019s mail system encounters.Here\u2019s what he had to say:\u201cFor several years we have had simple content filtering that was effective in catching much of the spam that that we received each day. Body-part enlargement and other questionable words in an e-mail message would reliably indicate that it was some type of non-business junk mail. Some of the more clever sources would misspell words; we would add them to the list, and for a while it worked fairly well.\u201cSince early in 2003, the volume, the objectionable content and the creativity of spammers have increased dramatically. About three months ago we decided to find a better solution. As in many IT shops, we don't have any extra money, so our \u2018Mr. Fix It\u2019 started looking for tools. He found SpamAssassin and we started to experiment. Most of our e-mail infrastructure was undergoing major changes, so we decided this would be a good time to improve our spam detection.\u201cSpamAssassin is free under the GNU public license, so how good could it be? Well our success, after a little work, has been phenomenal! On a good or bad day - depending on one\u2019s perspective - SpamAssassin will catch 10,000 e-mail messages and do it with great accuracy.\u201cThe software is written in Perl, and we are running it on Red Hat Linux. Except for the hardware the whole solution was pretty much free. It uses various rules and techniques to detect and handle spam. It has levels of detection that range from \u2018just delete the darn message\u2019 to \u2018send it through with a note that says \u201cthis might be spam.\u201d\u2019 It can quarantine messages for later retrieval if needed. It can use \u2018blacklists\u2019 and \u2018whitelists\u2019 to handle those messages that just don\u2019t fit the rules.\u201cInstalling SpamAssassin was not a Windows Click-OK-enough-times-and-you-are-an-expert type of install. Several Red Hat Linux installs, to sort out the proper versions, were required. Getting all of the parts running is not the job of a novice or the faint of heart, since final testing can only be done on a live e-mail infrastructure. However, SpamAssassin was up to the task. It took a few weeks to get the rules fine-tuned to catch the things we were receiving or not to catch some with false positives. One of the nice things is the built-in diagnostics and analysis. SpamAssassin can put an analysis header in the front of every e-mail showing how it arrived at the conclusion that it must be spam.\u201dMany thanks to Mark Strickland for providing this information.