Eliminating the threat of spam email attacks

All the spam I am getting in my inbox has made me look into some more effective antispam tools. While googling for more information, I came across this article about SpamAssassin. It looks good so far. Here is the article in full, written by Scott Sidel:

Spam isn't just about deposed Nigerian dictators who want to send you millions of dollars. Spam emails often contain malicious code, viruses, phishing attacks, and drive-by Trojans -- not to mention some inappropriate content. One of the best weapons available to defend your systems against spam is the open source software SpamAssassin.

SpamAssassin detection methods
SpamAssassin interacts with the mail server and analyses each email message using multiple methods of detection. Integrity analysis examines mail message headers and bodies to identify the common characteristics of spam. Heuristic rules detect spam messages by testing all content and producing scores for spam and non-spam criteria. The more spam-like elements the system detects, the higher the score, indicating the message is likely spam and should be handled as such.

SpamAssassin consists of two main components: A message filter and a rules engine. The message filter incorporates backend code and the user interface, and performs several tasks -- including reading in messages, parsing into an internal format and rewriting messages. The rules engine handles the processing of hundreds of rules over the message content. The engine determines the final message score, and whether or not the message should be auto-learned via the Bayesian system and the other rules utilized. Despite the parsing and processing -- using a weighting system to intelligently determine if a message should be considered spam -- SpamAssassin is amazingly fast, handling thousands of messages with ease.

SpamAssassin also uses internally generated blacklists and whitelists from external sources, providing for known bad and good mail handling. The "AutoWhiteList" feature adds intelligence by dynamically adjusting the whitelist based on history. For instance, if a sender typically sends non-spam emails, and then happens to send a message that looks like spam, SpamAssassin uses its history report to move the message score back toward a non-spam average -- adjusting the overall spam rating to compensate for the message being sent by a known sender.

Content filtering identifies key words or phrases, including purposefully trans-coded and obfuscated URLs. DNS block-lists, which are available on the Internet, allow SpamAssassin to block known spam senders. SpamAssassin also makes use of third-party plug-ins. For example, in a prior article I noted that Clam AntiVirus can provide SpamAssassin input if a message contains a virus, adding to SpamAssassin's weighted spam score.

SpamAssassin is available for Linux, Windows and Mac OS X platforms. If you run a mail server, you shouldn't do it without SpamAssassin.

About the author:
Scott Sidel is an Information Systems Security Officer (ISSO) at Lockheed Martin
And here is the link for the article as well:,289483,sid14_gci1261413,00.html
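
The weighted scoring and the "AutoWhiteList" adjustment described in the article can be sketched in a few lines. This is an added example, not code from the article or from SpamAssassin: the rule names, patterns, scores and addresses are constructed for illustration, and it assumes SpamAssassin's default threshold (required_score 5.0) and default auto_whitelist_factor of 0.5, which moves a score halfway toward the sender's historical mean.

```python
import re

REQUIRED_SCORE = 5.0  # SpamAssassin's default required_score threshold
AWL_FACTOR = 0.5      # SpamAssassin's default auto_whitelist_factor

# Constructed rules for illustration: (name, message field, pattern, score).
# A negative score marks a non-spam trait.
RULES = [
    ("SUBJ_ALL_CAPS", "subject", re.compile(r"^[^a-z]*[A-Z]{4,}[^a-z]*$"), 1.5),
    ("MONEY_TRANSFER", "body", re.compile(r"transfer\b.{0,40}\bmillion", re.I | re.S), 3.0),
    ("OBFUSCATED_URL", "body", re.compile(r"https?://\S*%[0-9a-f]{2}", re.I), 2.5),
    ("QUOTED_REPLY", "body", re.compile(r"^> ", re.M), -1.0),
]


def rule_score(msg):
    """Run every rule and return (total score, names of the rules that hit)."""
    hits = [(name, score) for name, fld, rx, score in RULES if rx.search(msg[fld])]
    return round(sum(s for _, s in hits), 2), [n for n, _ in hits]


def classify(msg, history):
    """Score msg, pull the score toward the sender's historical mean, then
    record the unadjusted score. history maps sender -> [score total, count]."""
    raw, hits = rule_score(msg)
    total, count = history.get(msg["from"], [0.0, 0])
    final = raw
    if count:  # a first-time sender has no average to move toward
        final = raw + (total / count - raw) * AWL_FACTOR
    history[msg["from"]] = [total + raw, count + 1]
    return {"raw": raw, "final": round(final, 2), "hits": hits,
            "spam": final >= REQUIRED_SCORE}


# Constructed sample: the same spam-looking body sent by two different senders.
BODY = "Please help me transfer 12 million dollars: http://example.test/%6c%6f%67in"
HISTORY = {"colleague@example.test": [0.4, 4]}  # four earlier low-scoring mails


def demo():
    history = dict(HISTORY)  # keep the sample history unchanged between runs
    known = classify({"from": "colleague@example.test", "subject": "invoice", "body": BODY}, history)
    unknown = classify({"from": "stranger@example.test", "subject": "invoice", "body": BODY}, history)
    return known, unknown


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The same body scores 5.5 from both senders, but the known sender's history pulls the final score under the threshold. The flip side is that a compromised account belonging to a well-behaved sender gets the same benefit until its average rises.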