What is SpamAssassin?
SpamAssasin is a server-side software project that detects spam email messages based on customizable rules. Almost since its inception, email has been plagued by unsolicited bulk mail messages. Some of these emails are from otherwise legitimate businesses trying to draw attention to their offering, just like junk mail. Some of these emails are scams which seek to gain control of a user’s computer or personal information. All of them are considered spam.
According to some estimates, email spam accounts for 80–90% of all email messages. They are usually sent by botnets, networks of virus-infested computers, usually controlled by organized crime syndicates.
Most spam costs almost nothing to send, so even a very tiny rate of response makes it lucrative, since it can be sent at such extremely high volumes. One report in 2010 esimated that there are 183 billion spam messages sent every day.
Types of Spam Email
Ecommerce or Marketing Spam
The majority of spam email contains commercial messages advertising some kind of product.
The products and services advertised with spam range from online casinos to weight loss programs. The vast majority though (over 80%) are related to pharmaceuticals.
In some of these cases the product is real. Other times, the product is a ruse to collect credit card information. Sometimes there is an actual product but it is fraudulent in some ways. For example, spam email is often used to advertised the sale of penny stocks as part of a pump-and-dump price manipulation scheme.
Advanced Fee Fraud
If you’ve ever gotten an email from Nigerian Royalty, or been told you won a lottery you didn’t know you entered, you’ve experience Advanced Fee Fraud, also known as 419 scams.
In this scam, an email purports to have some large amount of money available for the recipient. The procedure required to receive the money involves forwarding a fee to some address designated in the email.
Some spam is disguised as official messages from trusted services like PayPal. The message claims that due to some security breach, the user will need to login and provide details such as a social security number. The links are directed to sites that are designed to look like the trusted service provider, but are set up by the fraudsters.
Backscatter spam is a sort of second-hand spam problem. Senders of spam emails usually forge their “from” address. Bounce messages are then sent by the recipient to the innocent server whose address was forged.
Economic Impact of Spam
Spam isn’t just annoying. It’s also expensive.
$6 billion is spent every year on anti-spam software. When combined with estimates about loss of time and productivity, some people think that the total economic cost of spam email is about $20 billion a year.
Spamassassin to the rescue
Spamassassin is an Open Source project from Apache. It uses a variety of tests to determine whether a message is likely to be spam. What a system does with this result is determined by other programs, not by Spam Assassin.
Advantages of Spamassassin
Spamassasin is Free and Open Source. This means that you don’t have to spend any money to combat spam with this product.
It also means that the methods for blocking spam are publicly viewable. This (somewhat paradoxically) makes it more likely to be effective; effectiveness is not dependent on secret methods, which could eventually be discovered and overcome.
The software is modular, with customizable rule sets. This allows for sysadmins in particular environments to determine what type of messages are flagged as spam and which are not.
Finally, Spamassassin is separate from, and usable with, almost any type of email server or email processing system. The software is installed as a module on the server. Messages can be sent to it for analysis by any program, and the Spamassassin returns a score indicating the likelihood that the message is spam. The email system then can decide what to do with: delete it, move it to a
/spam/ folder, etc.
How does Spamassassin work?
Spamassassin runs a series of individual tests on an email looking for particular features. Each test contributes to an overall score. Even if a message scores high on one test (likely spam) it might score low on all the others and be deemed not spam. This gives a more holistic view of the message, and allows for individual customization, by weighting the different tests unevenly, based on user experience. (There is a default weighting system in place, based on overall experience.)
Some of the tests run on email messages are:
- Header tests, to determine if the headers are complete, accurate, and honest
- Body phrase tests, looking for key phrases (like “cheap pharmacy” or “discount online casino”)
- Character sets and locales
Spamassasin also checks the message against centralized repositories of known spam-sending addresses. You can also add specific white-list or black-list addresses locally.
Spamassasin with Web Hosting
Many web hosting companies have installed Spamassassin and included its functionality into their mail server. You usually don’t have to do anything to set this up, and how much access you have to modify its rules will depend on the hosting company you choose.
Here's What Your SpamAssassin Hosting Needs To Offer
Virtually all hosting providers include some form of spam protection. However, the details may vary pretty considerably from one provider to the next. If you know you want spam protection by Spam Assassin, the best way to verify the inclusion of this feature, if the information isn’t provided at the host’s website, is to chat with the sales team. Our recommended hosts for email accounts protected by Spam Assassin is SiteGround.