Ottawa PC Users' Group, Inc.
 Product Review 


SpamAssassin Pro
by
Chris Taylor

Last month I looked at SpamNet, which uses the collective knowledge of thousands of Internet users to determine what is and isn’t spam. This month, I look at SpamAssassin Pro from Deersoft. At version 1.6 as I write this review, SpamAssassin Pro has its roots in the wildly popular open source program SpamAssassin, which runs on UNIX and Linux systems. It uses a set of built-in rules to determine if an e-mail is likely to be spam. As one might expect, given its open source roots, it lays bare how the rules operate for all to see and modify.

You might be concerned that opening the rule set for all to examine would give spammers the information they need to bypass SpamAssassin Pro. As it turns out, this is not quite so easy. Spammers rely on certain things in order to be successful. They obfuscate data in the headers to avoid detection. They use certain terms and styles to try to make their messages stand out and be noticed. A spam is obviously not going to be very effective if it is boring and nobody looking at it gives it a second glance. They try to convince you that their e-mail is not spam, that you actually requested it, or that this is a one-time thing and that they are truly sorry if you received it in error. There are lots of indicators that point to a message being spam.

SpamAssassin Pro has over 400 rules it applies to each and every inbound e-mail looking for spam-like characteristics. Every time there is a match with a rule, a score is assigned to the match. As the score increases, it is more likely the e-mail is a spam. Once a certain threshold is reached, SpamAssassin considers the e-mail to be spam.

Some rule examples;

  • Does the subject line contain an exclamation mark? If so, 0.094 is added to the score. If three or more exclamation marks are in the subject line, 0.763 is added to the score.
  • Is the message addressed to “undisclosed-recipient”? This is common in spam where an e-mail is being sent to hundreds or thousands of recipients and the spammer puts all the destination addresses as blind-carbon-copies. Not wanting to leave the “to” blank, the recipient mail system enters “undisclosed-recipient”. This adds a score of 4.034.
  • Does the message include the phrase “one time mailing”? When is the last time you received a message from a friend indicating it was a one-time mailing? Spammers use this to stop you from complaining to their ISP. If this phrase is found, 2.464 is added to the score.
  • Does the message contain the phrase “instant access”? This appears in a lot of spam promising you “instant access” to porn sites. I’ve been told this is not true. The appearance of this phrase adds 2.996 to the score.
  • Does the message contain a PGP signature? Since not many spammers will digitally sign their e-mails, the presence of a PGP signature subtracts 3.135 from the score.
I hear the sceptics already saying that there is a flaw here. The fact that a message includes the phrase “instant access” does not mean it’s a spam! Sharp thinking. And of course, you are right. But there is no one rule that will cause an e-mail to be treated as spam.

The authors of SpamAssassin Pro did extensive examination of 210,220 non-spam e-mails and 43,288 spams. The average score for spam was 14.3. The average score for non-spam was -2.2. The average score for false positives (non-spam being treated as spam) was 7.0 and the average score for false negatives (not catching real spam) was 2.6.

With their weighting, considering over 250,000 messages, SpamAssassin Pro correctly identified spam 92.45% of the time, which means 7.55% of spam made it past their filters. 99.93% of the time, non-spam e-mails were correctly treated as such, leaving only 0.07% of non-spam e-mails being treated as spam.

I like the honesty of SpamAssassin Pro. I don’t believe any anti-spam program that says it has no false positives and catches all spam. SpamAssassin Pro states the odds and plays by them.

The user interface for SpamAssassin Pro is clean, easy to understand and easy to use. It differs from SpamAssassin in that, to survive in the world of a Windows GUI, you can’t expect users to manually modify cryptic, text-based, configuration files. So it sports a nice clean toolbar in Outlook. There are six buttons available.

Settings: This button brings up the main configuration dialog box. The main options:

  • Choose to add a word or phrase to the subject line of spam
  • Move spam to a designated folder
  • Mark spam as read
  • Edit the whitelist
  • Edit the blacklist
  • Choose languages that should be treated as spam
Scan Folder: This button allows you to scan the current folder looking for spam. The is great to use after you first install the program to clean out old junk. While you get a warning that it may take some time, there is no cancel button, no progress bar, and you are not informed when the process finishes. Worse, when I run this on my Inbox (which resides on an Exchange Server and has over 2,300 messages) it never seems to process more than a couple of hundred messages.

Allow Sender: This will add the address of the sender of the currently selected message to the whitelist. In the future, e-mails from this address will be not caught as spam. Use this button if you discover that e-mails from a particular address are accidentally being treated as spam. If you have SpamAssassin Pro set to move spam to a folder, this button will move the message back to your Inbox.

Block Sender: If SpamAssassin Pro fails to detect an e-mail as spam and you want to treat all messages from this address as spam in the future, click this button. It will add the address to the Blacklist and move the message to the spam folder (if the program is configured to move spam to a folder.)

Allow Recipient: This is most useful when using mailing lists. Messages on mailing lists are typically from a great number of people, but are generally addressed to the name of the list. So, the normal action of whitelisting the sender is not appropriate. By using this button, you add the to address to the whitelist and all future messages addressed to that address will not be treated as spam.

Block Recipient: This adds the to address to the blacklist. I have not personally found this to be very useful, but if you see spam coming in frequently addressed to a specific address, and it is not yours, you can use this option to block it in the future.

Overall, I found SpamAssassin Pro to be very effective. I found it had its biggest problem was with false positives on the many mass-mailed newsletters I am subscribed to. Fortunately, it is pretty fast and easy to whitelist these.

Because of the number of mailing lists I am on, I found that the option Allow Recipient was extremely handy. All anti-spam programs should offer this.

A few of entries needed a manual tweak after whitelisting. For example, The Daily Dilbert comes from dailycomic#xxx@umsan1.unitedmedia.com, where xxx is a random string of about 20 numbers and characters. I manually edited the whitelist so this reads dailycomic*@umsan1.unitedmedia.com and the Daily Dilbert is no longer treated as spam.

Deersoft has made it more difficult to modify the way SpamAssassin Pro works than it needs to be. The UNIX roots show in the plain text .CF files where rules are defined and where many of the configuration options are set. But not all configuration options are set in the .CF files. Some are in the registry. There are even some registry settings that are also listed in the .CF files. When I asked about modifying the .CF files to change the behaviour of the program, I was cautioned that it will work, but is unsupported by Deersoft. If you want to play with the .CF files, I strongly suggest you visit spamassassin.org for more information on the open source version — SpamAssassin.

I look forward to future versions that will allow the end user to more easily modify the way the program operates. Even a simple thing like the addition of a slider to allow the user to choose the trigger score for spam would be a great thing.

While SpamAssassin Pro has a few rough edges, I think it is great technology for dealing with spam. I really like that I can see the rules and how they apply. If I want to roll up my sleeves, I can get right in there and modify the rule set. I can change weightings on individual rules if I don’t think they suit the e-mail and spam I receive.

SpamAssassin Pro costs US$30 and requires Outlook 2000 or Outlook XP. It runs on Windows 98 through Windows XP and supports POP3 accounts as well as Exchange Server. There are versions in the works for other mail programs and you can sign up at the Deersoft web site to be informed as they become available.

You can get more info and download a 14-day trial of SpamAssassin Pro from www.deersoft.com.


Bottom Line:

SpamAssasin Pro
US$30 (see requirements above)
from  Deersoft
Web site: http://www.deersoft.com


Copyright and Usage
Ottawa Personal Computer Users' Group (OPCUG), Inc.
3 Thatcher Street, Ottawa, ON  K2G 1S6

The opinions expressed in these reviews may not necessarily
represent the views of the OPCUG or its members.