SpamAssassin

This is a book for anyone who wants to know what is under the hood. This books details what is behind the engine, its architecture and its learning system. While it is leaning more heavily in the mail transfer agent (MTA) side, it still offers a lot of tips to readers as to how one can use SpamAssassin to combat junk mail. The Autowhitelisting and Bayesian Filtering are a must for those who really want to know how to use the tool. This is what makes it different from other keyword based filtering. This would be a great book for those who run and maintain their own mailing server, because it has lots of details for sendmail, postfix, exim and qmail. Although the author has a section on pop mail configuration, I would like to see more client configuration examples such as outlook express or Novell's evolution/Ximian, or kmail. This is because not everybody runs email server at home. Nonetheless, this is a great book for those who want to set up their own spam mail filters and get rid of those annoying junk mail. Additionally, the author provides a very detailed list of resources.

SpamAssassin is the immensely popular open-source spam solution for the Linux/Unix world. This book covers version 3.0, which, curiously enough, is not included with the book. This is pretty unusual in the open-source world since it costs very little to put a copy of the program onto CD and bind it into the book. The reasons for SpamAssassin's popularity include its high level of customizability, the ability to change the rules and the weights assigned to those rules, automatically report spam to clearinghouses, ability to interface with other resources on the internet including DNS blacklists, ability to create a whitelist, and the ability to work with a wide variety of mail systems including sendmail, Postfix, qmail, and Exim. One of the really nice features is the ability for the system to automatically add a person to the whitelist if you send an outgoing email to that person. Of course all of this requires an understanding of how SpamAssassin works and how to configure and tweak it to get it to do what you want. That is where this book comes in. The author has done an excellent job of explaining not only the concepts but also the details of how SpamAssassin works and how to tweak it to work best in your environment. This is easily one of the most clearly written and understandable books on configuring the software that I have read. SpamAssassin is highly recommended for anyone on a Unix-like system who is considering using the program as a spam control solution. It took some time to figure out how to configure it best for my needs but my spam is down over 90% with no false positives. Don't expect the author to spoon feed you what is best for your system, but he gives you the information to design one that works for you.

Thanks for the review. You are correct that the book focuses on getting the most out of SA, and not on criticizing SA per se (although other approaches are mentioned briefly). Blacklists applying to header fields is not a flaw - particularly when the Received header is considered, and when you consider that spammers have no incentive to forge blacklisted addresses. Moreover, SA 3.0 can apply URI blacklists to URIs in message bodies, not just to headers. The book does discuss how you'd acquired a corpus for training, and the research to date (see, e.g., Paul Graham's plan for spam FAQ and presentations) suggests that non-sequitor words included by spammers are not, in fact, effective at poisoning Bayesian classifiers, except under uncommon circumstances. My own experiences are similar - innocuous words do not ruin filter efficacy.