SpamAssassin: A practical guide to integration and configuration: In depth guide to implementing antispam solutions using SpamAssassin

Spam, in computing terms, means something unwanted. It has normally been used to refer to unwanted email or Usenet messages, and it is now also being used to refer to unwanted Instant Messenger (IM) and telephone Short Message Service (SMS) messages. Spam email is unwanted, uninvited, and inevitably promotes something for sale. Often the terms junk email, Unsolicited Bulk Email (UBE), or Unsolicited Commercial Email (UCE) are used to refer to spam email. Spam generally promotes Internet-based sales, but it also occasionally promotes telephone-based or other methods of sales too.

People who specialize in sending spam are called spammers. Companies pay spammers to send emails on their behalf, and the spammers have developed a range of computerized tools and techniques to send these messages. Spammers also run their own online businesses and market them using spam email.

The term 'spam email' generally precludes email from known sources, regardless of however unwanted the content is. One example of this would be an endless list of jokes sent from acquaintances. Email viruses, trojan horses, and other malware (short for malicious software) are not normally categorized as spam either, although they share some common traits with spam. Emails that are not spam are often referred to as ham, particularly in the anti-spam community. Spam is subjective, and a message considered spam by one recipient may be welcomed by another.

Anti-spam tools can be partially effective in blocking malware, however, they are best at blocking spam. Special anti-virus software can and should be used to protect your inbox from other undesirable emails.

Spam is very cheap to send. The costs are insignificant as compared to conventional marketing techniques, so marketing by spam is very cost-effective, despite very low rates of purchases in response. But it translates into major costs for the victim.

In the USA, legislation proceedings on spam have been in progress since 1997. The latest legislation is the CAN-SPAM act (Bill number S.877) of 2003. This supersedes many state laws and is currently being used to prosecute persistent spammers. However, it is not proving a deterrent; the Coalition Against Unsolicited Commercial Email (CAUCE) reported in June 2004 that despite several high-profile lawsuits by the Federal Trade Commission (FTC) and ISPs, spam volumes were still increasing. The CAN-SPAM act is seen as weak on two counts: that consumers have to explicitly opt-out from commercial emails, and secondly, only ISPs can take action against spammers.

In Europe, legislation exists that makes spamming illegal. However, when Directive 2002/58/EC was passed in 2002, there were several problems with it. Business-to-business emails were excluded—a business could spam each and every account at any other business and stay within the law. Additionally, each individual member state has to pass its own laws and penalties for offenders. The law requires spammers to use opt-in emailing, where recipients have to explicitly request to receive commercial emails rather than the opt-out model proposed in the USA, where anyone can receive spam and has to request to be removed from mailing lists.

The Guardian, a UK newspaper, reported in June 2004 that gangs of spammers are moving their operations to the UK due to the leniency of the laws there. The maximum penalty they face in the UK is £5000, while in Italy spammers face up to three years of imprisonment. Until June 2004, no one had been convicted under this act in the UK.

In Australia, The Spam Act 2003 came into effect in April 2004. This makes spam illegal, using an opt-in model. Additionally, there have already been successful prosecutions for spamming in Australia using previous laws.

The Internet is a multinational network and domestic legislation cannot reach to another country. A U.S.-based spammer would be at risk of prosecution if it spammed U.S. citizens and advertised a product made and sold in the US. But a spammer from the Far East would be at very little risk of prosecution. Domestic legislation will not affect the volume of spam, but it may occasionally affect the types of products advertised via spam.

Spammers will often reroute spam via other nations, so spam is sent from the US to another country and then relayed back to the US again. This makes it more difficult to trace the source of the email and to prosecute them. Many countries have no anti-spam laws and there is little or even no risk to the spammer. The blurring of geographical boundaries by the Internet does little to aid in tracing spam email to its source. Anti-spam is now moving towards tracking spammers through other means. In May 2004, the New York Times reported that the Direct Marketing Association is using paper trails in the real world to trace spammers in the virtual world with success.

Apart from defining the term spam, this chapter has shown that there are true financial rewards for spammers, and that the costs to market via spam email are very low for the spammer. However, they affect the recipient of the email to a large extent.

Spam has been a part of the Internet for a long time, even before the World Wide Web took roots, and despite legislation, it will probably continue to be a problem in the future. Even if one country had a truly solid anti-spam law, the global nature of the Internet implies that spam could still arrive from an overseas source.

As the use of email increases, both for business and personal use, and as the ratio of spam increases still further, it is important for companies to filter out spam to preserve efficient operations. SpamAssassin is a spam-tagging tool that can provide very effective filtering capabilities when configured correctly. This book will describe how to install, configure, and maintain SpamAssassin to provide an effective anti-spam solution.