Welcome | Sign In
LinuxInsider.com
Security

SpamAssassin Switches to Apache License

Print Version
E-Mail Article
Reprints
SpamAssassin Switches to Apache License

By Elizabeth Millard
LinuxInsider
09/23/04 11:21 AM PT

The effort to bring SpamAssassin and Apache together has been an ongoing project that included effort of nearly 100 contributors and multiple lead programmers. Apache representative Lawrence Rosen told LinuxInsider that Apache's licensing is designed to foster the open-source spirit, and that shows in projects like SpamAssassin.


Open-source spam killer SpamAssassin 3.0 has been released, and while the new version has more features than its predecessors, it is in the licensing where it deviates the most from past versions.

Previously, the software was available under either the GPL or the Perl Artistic License. For 3.0, which was released Wednesday, SpamAssassin has chosen to adopt the Apache License.

The effort to bring SpamAssassin and Apache together has been an ongoing project for some time, and it included the contributions of nearly 100 contributors and multiple lead programmers.

However, it was worth the work, according to both groups. Apache representative Lawrence Rosen told LinuxInsider that Apache's licensing is designed to foster the open-source spirit, and that shows in projects like SpamAssassin.

"Apache focuses on having its licensing be true to open source," he said.

Stronger Firepower

SpamAssassin is an extensible e-mail filter that uses a combination of static rules for recognizing spam and adaptive learning features.

The new version includes new static rules, including changed definitions of previous rules based on current spam trends.

The new version also has a more modular design that extends the software's capabilities by supporting plug-ins. One of these is a major addition, which is support for Sender Policy Framework (SPF), which can trace e-mail Increase Customer Sales with Email Marketing -- Free Trial from VerticalResponse origins.

Also significant is a change to the per-user configuration. In previous versions, maintaining configurations was challenging in virtual hosting environments when users did not possess shell accounts on a mail server. Version 3.0 now allows per-user preferences as well as Bayesian data and auto-whitelists.

Spam Fighters

Although Apache will be more involved in the spam battle through SpamAssassin, the group recently announced a very different move in fighting spam through the use of Sender ID.

The software foundation noted that it would not support the proposed antispam standard because Microsoft's (Nasdaq: MSFT) licensing terms were unacceptable.

Sender ID is designed to identify whether an e-mail's source address is the originator of the message. Microsoft developed the Caller ID portion of the specification, and it proposed terms for the use of the technology.

Apache balked and said the license was contrary to the practice of open standards. Rosen said, "We want software that's not tied to requirements and conditions that go against the spirit of open source."

In contrast, SpamAssassin's adoption of the Apache license will allow for the development of antispam technology that integrates features and techniques from a changing roster of programmers.

One of the lead programmers on the SpamAssassin project, Dan Quinlan, noted that there is optimism for the project's success Download Free eBook - The Edge of Success: 9 Building Blocks to Double Your Sales to result in wider proliferation of third-party add-ons, which could be added to future releases.

Larger Battle

The fight against spam has become a heated one, prompting the creation of antispam companies and the development of numerous antispam software programs.

While SpamAssassin 3.0 will likely prove as popular as previous versions, there are larger movements to legislate against spam and stop the problem at the source.

As with the Sender ID situation, sometimes these actions hit roadblocks. A recent example is the dissolution of an antispam working group within the Internet Engineering Task Force.

The group had been working to create a standard for mail authentication, but it got shut down due to frequent disagreement among group members and frustration over the difficulties in formulating a single standard.

Although there are many software programs and antispam groups, Gartner (NYSE: IT) research director Arabella Hallawell told LinuxInsider that there is still a long way to go in forming a concrete solution to the problem. She noted that in some ways, open-source antispam has a long road ahead.

"You can get decent detection rates with open-source tools like SpamAssassin," she said. "But you have to spend time doing it. Sometimes it's better to get an antispam product that supports many different methods of detection."

However, she added, there is progress in the field, as long as companies are taking the correct steps. "Basically, organizations have to figure out their policies about spam," she said. "New products are helpful, but it's also vital to think about this on a company level, where each enterprise is implementing controls that make sense."

Print Version E-Mail Article Reprints More by Elizabeth Millard

Talkback: Be the first to comment on this story.

More by Elizabeth Millard

Ken Xie of Fortinet on Fighting Content Threats
November 25, 2004
"Integrating independent security systems together and keeping them all up-to-date and able to coordinate their actions in the face of a fast-moving attack is a daunting if not intractable task," Fortinet CEO Ken Xie told ECT News. "To deal with today's and tomorrow's blended threats requires a more integrated, holistic approach to security." 		Microsoft Files More Lawsuits over Spam
September 24, 2004
Going after spammers rather than focusing merely on developing antispam technology is an important step, John Movina, spokesperson for the Coalition Against Unsolicited Commercial Email, said. He told The E-Commerce Times that the United States has weaker criminal laws against spam than other countries, so it's vital to find other means to stop spammers. 		French Firms Aim To Beef Up Linux Security
September 24, 2004
The consortium plans to make bringing Linux up to the Evaluation Assurance Level 5 (EAL5), which is part of an internationally recognized security certification called Common Criteria, its first effort. EAL5 satisfies major security requirements in commercial as well as defense and government applications.
Don't miss a story -- sign up for our FREE e-mail newsletters and view the latest headlines at a glance.
Tech News Flash [ View Sample ]
E-Commerce Minute [ View Sample ]
ECT News Network Weekly Newsletter [ View Sample ]
Shortcuts
> Get Business and Technology News Alerts
> Most Popular | Spotlight Features | Exclusives
> This Week on ECT News Network | Podcasts
> WiFi Hotspot Locator
> Inside LinuxInsider
White Papers | Case Studies | Reports
eMarketer Whitepaper: Optimizing the E-Commerce Experience
Top 6 Tips to Quickly and Significantly Reduce Your Call Center Operations Cost
From Laid-Off to Entrepreneur: Launching a Web Biz on a Shoestring
The Year in Mac Security 2008
Entering European Markets: A Challenging but Real Opportunity
Peak Oil & Sustainability: CRM's Potential Impact and 10 Innovations CRM Vendors Should Consider
Rewriting the Startup Handbook
LinuxInsider
E-Commerce Times
TechNewsWorld
MacNewsWorld
CRM Buyer
Today's LinuxInsider Sponsors
Avaya Aura™
Save up to 40% on calling costs with Avaya Aura™
Entrust Extended Validation SSL
Entrust EV SSL certificates -- "go green" for less. Now from only $199 per year.
Trend Micro Smart Protection Network(TM)
Lower your content security management costs by up to 40%.
ECT News Network Information
Reader Services
Corporate
ECT News Network
Terms of Service | Privacy Policy | How To Advertise
Copyright 1998-2009 ECT News Network, Inc. All Rights Reserved.