SpamAssassin takes aim at e-mail

Unfortunately, InfoWorld is not immune to spam. When seeking solutions to our spam problem, we wanted a product that would easily integrate into our existing environment while offering the flexibility to modify filtering rules and score assignments. After evaluating several possibilities, InfoWorld chose SpamAssassin, a popular open-source project that detects and marks messages deemed to be spam.

Our basic mail configuration matches that of many businesses: SMTP gateway servers accept mail from the outside world and then relay that mail to our cluster of mail servers. In our case, the SMTP gateways are Debian Linux boxes running Sendmail. The back-end mail cluster consists of Lotus Domino servers running on Windows. Our mail clients are a mixture of mostly Lotus Notes with some MozillaMail, BlackBerry, and Outlook users. To this mix, we added a separate Debian server running Sendmail and SpamAssassin using the “milter” in-line filtering capabilities of Sendmail.

SpamAssassin is easy to install and customize, with a basic interface for adding domains and e-mail addresses to blacklists and white lists. To do its work, SpamAssassin uses word and phrase matching, real-time blocking lists, and on-the-fly spam-reporting features.

Click for larger view.

Each e-mail is assigned a score depending on the detected level of spam probablility. By default, SpamAssassin flags a message as spam if the score is above five. We actually use a score of six for the [SPAM] flag to be added to a message subject line and a score over 10 for it to be automatically moved to a “caughtspam” folder.

SpamAssassin’s scores were developed using real spam and a number of algorithms to assign basic scores.  These are easily customized, and we did so by changing the numerical scores assigned to words such as “Viagra,” “FREE!!!”, and various forms of body-part enlargement to give these terms an automatic five points instead of the default one to two points. In the case of false positives (you will get some — no solution is perfect), changing SpamAssassin’s default rules fixes them easily.

As InfoWorld’s mail system evolves, we will continue to use the existing SpamAssassin filtering server. Even if your company runs Exchange or another proprietary e-mail system, adding a SpamAssassin filtering server in front of your incoming mail system can greatly decrease the time wasted by sifting through incoming spam.