O’Reilly news

"SpamAssassin": Easing the Burden of Spam for Organizations, Users, and Especially Sys Admins

August 24, 2004

Sebastopol, CA--The annoyance factor for individual users whose email is crammed with pitches for pornography, absurd moneymaking schemes, and dubious health products is fierce. For organizations, the cost of spam in lost productivity and burned bandwidth is astronomical. But the primary responsibility for dealing with the burgeoning crisis of spam proliferation falls on the shoulders of system administrators, says Alan Schwartz, author of SpamAssassin (O'Reilly, US $24.95).

"System administrators pay for spam with their time," explains Schwartz. "The Internet's email system was designed to make it difficult to lose email messages: when a computer can't deliver a message to the intended recipient, it does its best to return that message to the sender. If it can't send the message to the sender, it sends it to the computer's postmaster--because something must be seriously wrong if both the email addresses of the sender and the recipient of a message are invalid."

This well-meaning nature of Internet mail software becomes a positive liability when spammers come into the picture. As Schwartz points out, "In a typical bulk mailing, anywhere from a few hundred to tens of thousands of email addresses might be invalid. Under normal circumstances, these email messages would bounce back to the sender. But the spammer doesn't want them! To avoid being overwhelmed, spammers often use invalid return addresses. The result: the email messages end up in the mailboxes of the Internet postmasters, who are usually living, breathing system administrators."

With the onus of finding a solution to this massive problem--and fast--sys admins have many spam-fighting options available, but these often turn out to be too aggressive, too passive, or too complicated to set up. SpamAssassin has emerged as the most widely deployed anti-spam tool on the Internet today. SpamAssassin works on a rule-based system that analyzes email and compares different parts of messages with a large set of rules. Each rule adds or removes points from a message's spam score, and if the resulting score is high enough, the message is reported as spam. In addition to being free, powerful, and highly regarded, SpamAssassin is remarkably effective because it's easy for sys admins to fine tune the scoring process for their users' needs. The drawback? Until now, SpamAssassin's lack of published documentation.

SpamAssassin clarifies the installation, configuration, and use of the SpamAssassin spam-checking system (versions 2.63 and 3.0) for Unix system administrators using the Postfix, sendmail, Exim, or qmail mail servers. Readers will learn how to:

  • Customize SpamAssassin's rules, and even create new ones
  • Train SpamAssassin's Bayesian classifier to optimize it for the sort of email users typically receive
  • Block specific addresses, hosts, and domains using third-party blacklists
  • Whitelist known good sources of email so that messages from clients, coworkers, and friends aren't lost
  • Configure SpamAssassin to work with newer spam-filtering methods such as Hashcash (www.hashcash.org) and Sender Policy Framework (SPF)
  • SpamAssassin is for mail system administrators, network administrators, and Internet service providers or anyone who wants to regain some control over the growing nuisance of spam.

    Additional Resources:

    Alan Schwartz
    ISBN 0-596-00707-8, 207 pages, $24.95 US, $36.95 CA
    1-800-998-9938; 1-707-827-7000

    About O’Reilly

    O’Reilly Media spreads the knowledge of innovators through its books, online services, magazines, and conferences. Since 1978, O’Reilly Media has been a chronicler and catalyst of cutting-edge development, homing in on the technology trends that really matter and spurring their adoption by amplifying “faint signals” from the alpha geeks who are creating the future. An active participant in the technology community, the company has a long history of advocacy, meme-making, and evangelism.

    Email a link to this press release