Last month I looked at SpamNet, which uses
the collective knowledge of thousands of Internet users to determine what
is and isn’t spam. This month, I look at SpamAssassin Pro from Deersoft.
At version 1.6 as I write this review, SpamAssassin Pro has its roots in
the wildly popular open source program SpamAssassin, which runs on UNIX
and Linux systems. It uses a set of built-in rules to determine if an e-mail
is likely to be spam. As one might expect, given its open source roots,
it lays bare how the rules operate for all to see and modify.
You might be concerned that opening the
rule set for all to examine would give spammers the information they need
to bypass SpamAssassin Pro. As it turns out, this is not quite so easy.
Spammers rely on certain things in order to be successful. They obfuscate
data in the headers to avoid detection. They use certain terms and styles
to try to make their messages stand out and be noticed. A spam is obviously
not going to be very effective if it is boring and nobody looking at it
gives it a second glance. They try to convince you that their e-mail is
not spam, that you actually requested it, or that this is a one-time thing
and that they are truly sorry if you received it in error. There are lots
of indicators that point to a message being spam.
SpamAssassin Pro has over 400 rules it
applies to each and every inbound e-mail looking for spam-like characteristics.
Every time there is a match with a rule, a score is assigned to the match.
As the score increases, it is more likely the e-mail is a spam. Once a
certain threshold is reached, SpamAssassin considers the e-mail to be spam.
Some rule examples;
Does the subject line contain an exclamation
mark? If so, 0.094 is added to the score. If three or more exclamation
marks are in the subject line, 0.763 is added to the score.
Is the message addressed to “undisclosed-recipient”?
This is common in spam where an e-mail is being sent to hundreds or thousands
of recipients and the spammer puts all the destination addresses as blind-carbon-copies.
Not wanting to leave the “to” blank, the recipient mail system enters “undisclosed-recipient”.
This adds a score of 4.034.
Does the message include the phrase “one time
mailing”? When is the last time you received a message from a friend indicating
it was a one-time mailing? Spammers use this to stop you from complaining
to their ISP. If this phrase is found, 2.464 is added to the score.
Does the message contain the phrase “instant
access”? This appears in a lot of spam promising you “instant access” to
porn sites. I’ve been told this is not true. The appearance of this phrase
adds 2.996 to the score.
I hear the sceptics already saying that there
is a flaw here. The fact that a message includes the phrase “instant access”
does not mean it’s a spam! Sharp thinking. And of course, you are right.
But there is no one rule that will cause an e-mail to be treated as spam.
Does the message contain a PGP signature?
Since not many spammers will digitally sign their e-mails, the presence
of a PGP signature subtracts 3.135 from the score.
The authors of SpamAssassin Pro did extensive
examination of 210,220 non-spam e-mails and 43,288 spams. The average score
for spam was 14.3. The average score for non-spam was -2.2. The average
score for false positives (non-spam being treated as spam) was 7.0 and
the average score for false negatives (not catching real spam) was 2.6.
With their weighting, considering over
250,000 messages, SpamAssassin Pro correctly identified spam 92.45% of
the time, which means 7.55% of spam made it past their filters. 99.93%
of the time, non-spam e-mails were correctly treated as such, leaving only
0.07% of non-spam e-mails being treated as spam.
I like the honesty of SpamAssassin Pro.
I don’t believe any anti-spam program that says it has no false positives
and catches all spam. SpamAssassin Pro states the odds and plays by them.
The user interface for SpamAssassin Pro
is clean, easy to understand and easy to use. It differs from SpamAssassin
in that, to survive in the world of a Windows GUI, you can’t expect users
to manually modify cryptic, text-based, configuration files. So it sports
a nice clean toolbar in Outlook. There are six buttons available.
Settings: This button brings up
the main configuration dialog box. The main options:
Choose to add a word or phrase to the subject
line of spam
Move spam to a designated folder
Scan Folder: This button allows you
to scan the current folder looking for spam. The is great to use after
you first install the program to clean out old junk. While you get a warning
that it may take some time, there is no cancel button, no progress bar,
and you are not informed when the process finishes. Worse, when I run this
on my Inbox (which resides on an Exchange Server and has over 2,300 messages)
it never seems to process more than a couple of hundred messages.
Choose languages that should be treated as
Allow Sender: This will add the
address of the sender of the currently selected message to the whitelist.
In the future, e-mails from this address will be not caught as spam. Use
this button if you discover that e-mails from a particular address are
accidentally being treated as spam. If you have SpamAssassin Pro set to
move spam to a folder, this button will move the message back to your Inbox.
Block Sender: If SpamAssassin Pro
fails to detect an e-mail as spam and you want to treat all messages from
this address as spam in the future, click this button. It will add the
address to the Blacklist and move the message to the spam folder (if the
program is configured to move spam to a folder.)
Allow Recipient: This is most useful
when using mailing lists. Messages on mailing lists are typically from
a great number of people, but are generally addressed to the name of the
list. So, the normal action of whitelisting the sender is not appropriate.
By using this button, you add the to address to the whitelist and all future
messages addressed to that address will not be treated as spam.
Block Recipient: This adds the to
address to the blacklist. I have not personally found this to be very useful,
but if you see spam coming in frequently addressed to a specific address,
and it is not yours, you can use this option to block it in the future.
Overall, I found SpamAssassin Pro to be
very effective. I found it had its biggest problem was with false positives
on the many mass-mailed newsletters I am subscribed to. Fortunately, it
is pretty fast and easy to whitelist these.
Because of the number of mailing lists
I am on, I found that the option Allow Recipient was extremely handy. All
anti-spam programs should offer this.
A few of entries needed a manual tweak
after whitelisting. For example, The Daily Dilbert comes from email@example.com,
where xxx is a random string of about 20 numbers and characters. I manually
edited the whitelist so this reads firstname.lastname@example.org and
the Daily Dilbert is no longer treated as spam.
Deersoft has made it more difficult to
modify the way SpamAssassin Pro works than it needs to be. The UNIX roots
show in the plain text .CF files where rules are defined and where many
of the configuration options are set. But not all configuration options
are set in the .CF files. Some are in the registry. There are even some
registry settings that are also listed in the .CF files. When I asked about
modifying the .CF files to change the behaviour of the program, I was cautioned
that it will work, but is unsupported by Deersoft. If you want to play
with the .CF files, I strongly suggest you visit spamassassin.org for more
information on the open source version — SpamAssassin.
I look forward to future versions that
will allow the end user to more easily modify the way the program operates.
Even a simple thing like the addition of a slider to allow the user to
choose the trigger score for spam would be a great thing.
While SpamAssassin Pro has a few rough
edges, I think it is great technology for dealing with spam. I really like
that I can see the rules and how they apply. If I want to roll up my sleeves,
I can get right in there and modify the rule set. I can change weightings
on individual rules if I don’t think they suit the e-mail and spam I receive.
SpamAssassin Pro costs US$30 and requires
Outlook 2000 or Outlook XP. It runs on Windows 98 through Windows XP and
supports POP3 accounts as well as Exchange Server. There are versions in
the works for other mail programs and you can sign up at the Deersoft web
site to be informed as they become available.
You can get more info and download a 14-day
trial of SpamAssassin Pro from www.deersoft.com.
US$30 (see requirements above)
Originally published: November, 2002