OStatic

I don't know about you, but I'm inundated with e-mail every day. What used to be a wonderful tool is now overwhelming, and I spend a great deal of time just responding to legitimate e-mail.

As if that weren't enough, I also get a tremendous amount of spam. My e-mail address has been published in enough places on the Internet that I can't realistically try to hide it. And changing it would seem like a cop-out.

Fortunately, I have an excellent weapon in the war against spam, one which I have been using for many years: SpamAssassin,. This program, which is now under the umbrella of the Apache Software Foundation, sees spam as a problem that can only be identified by applying a large number of rules, each of which picks up on a small characteristics. Each rule adds a certain number of points to a message's "score," such that if enough rules match, the score becomes high enough to classify a message as spam.

For example, let's say that you receive a message whose subject is only in capital letters. This might well be spam, since many spam messages have that characteristic. But it might also be legitimate. SpamAssassin will thus assign 2 points to the message. But if the message also begins with the greeting "Dear friend," and then mentions a fortune that was left behind to a widow, and then also asks for help with an international bank transfer -- well, each of those items will be identified by SpamAssassin, and will lead to a high message score.

This multi-rule approach has made SpamAssassin particularly potent in the war against spam. Moreover, users are able to modify the point values, rules, and thresholds above which messages are considered spam. This means that each site's spam filter will be slightly different, tuned to its needs. This is in addition to a built-in Bayes analysis tool that rates messages as "spam" or "ham" (i.e., non-spam) based on past experience. SpamAssassin also includes built-in functionality that ties it into the Razor and Pyzor spam databases.

One potential problem with SpamAssassin is its long startup time. This is a particularly serious problem when working with a heavily loaded mail server. SpamAssassin's solution is to divide the work between a spam-checking server ("spamd") and a spam-checking client ("spamc"). The use of spamc/spamd significantly reduces the wait time and server load, allowing you to check for spam very quickly.

SpamAssassin is far from the only spam-checking system on the Internet. But its open platform, ease of installation, and simple configuration -- along with its flexibility and multifaceted defenses against spam -- have made it one of my favorite tools, something that I install almost immediately when I set up a new server.

How do you go about fighting spam? 

• Apache
• spam
• spamassassin
• e-mail