• United States

One company’s experience with a free spam-blocking tool

Jan 06, 20043 mins
Enterprise ApplicationsMalwareMessaging Apps

* Reader weighs in on SpamAssassin

One reader of this newsletter recently let me know how SpamAssassin has been effective in stopping a large percentage of the spam his company’s mail system encounters.

Here’s what he had to say:

“For several years we have had simple content filtering that was effective in catching much of the spam that that we received each day. Body-part enlargement and other questionable words in an e-mail message would reliably indicate that it was some type of non-business junk mail. Some of the more clever sources would misspell words; we would add them to the list, and for a while it worked fairly well.

“Since early in 2003, the volume, the objectionable content and the creativity of spammers have increased dramatically. About three months ago we decided to find a better solution. As in many IT shops, we don’t have any extra money, so our ‘Mr. Fix It’ started looking for tools. He found SpamAssassin and we started to experiment. Most of our e-mail infrastructure was undergoing major changes, so we decided this would be a good time to improve our spam detection.

“SpamAssassin is free under the GNU public license, so how good could it be? Well our success, after a little work, has been phenomenal! On a good or bad day – depending on one’s perspective – SpamAssassin will catch 10,000 e-mail messages and do it with great accuracy.

“The software is written in Perl, and we are running it on Red Hat Linux. Except for the hardware the whole solution was pretty much free. It uses various rules and techniques to detect and handle spam. It has levels of detection that range from ‘just delete the darn message’ to ‘send it through with a note that says “this might be spam.”’ It can quarantine messages for later retrieval if needed. It can use ‘blacklists’ and ‘whitelists’ to handle those messages that just don’t fit the rules.

“Installing SpamAssassin was not a Windows Click-OK-enough-times-and-you-are-an-expert type of install. Several Red Hat Linux installs, to sort out the proper versions, were required. Getting all of the parts running is not the job of a novice or the faint of heart, since final testing can only be done on a live e-mail infrastructure. However, SpamAssassin was up to the task. It took a few weeks to get the rules fine-tuned to catch the things we were receiving or not to catch some with false positives. One of the nice things is the built-in diagnostics and analysis. SpamAssassin can put an analysis header in the front of every e-mail showing how it arrived at the conclusion that it must be spam.”

Many thanks to Mark Strickland for providing this information.