
SpamAssassin Switches to Apache License

Open-source spam killer SpamAssassin 3.0 has been released, and while the new version has more features than its predecessors, it is in its licensing that it deviates the most from past versions.

Previously, the software was available under either the GPL or the Perl Artistic License. For 3.0, which was released Wednesday, SpamAssassin has chosen to adopt the Apache License.

The effort to bring SpamAssassin and Apache together has been an ongoing project for some time, and it involved the work of nearly 100 contributors and multiple lead programmers.

However, it was worth the work, according to both groups. Apache representative Lawrence Rosen told LinuxInsider that Apache’s licensing is designed to foster the open-source spirit, and that shows in projects like SpamAssassin.

“Apache focuses on having its licensing be true to open source,” he said.

Stronger Firepower

SpamAssassin is an extensible e-mail filter that uses a combination of static rules for recognizing spam and adaptive learning features.

The new version includes new static rules, including changed definitions of previous rules based on current spam trends.

The new version also has a more modular design that extends the software’s capabilities by supporting plug-ins. A major addition among these is support for Sender Policy Framework (SPF), which can trace e-mail origins.

Also significant is a change to the per-user configuration. In previous versions, maintaining configurations was challenging in virtual hosting environments when users did not possess shell accounts on a mail server. Version 3.0 now allows per-user preferences as well as Bayesian data and auto-whitelists.

Spam Fighters

Although Apache will be more involved in the spam battle through SpamAssassin, the group recently announced a very different move in fighting spam through the use of Sender ID.

The software foundation noted that it would not support the proposed antispam standard because Microsoft’s licensing terms were unacceptable.

Sender ID is designed to identify whether an e-mail’s source address is the originator of the message. Microsoft developed the Caller ID portion of the specification, and it proposed terms for the use of the technology.

Apache balked and said the license was contrary to the practice of open standards. Rosen said, “We want software that’s not tied to requirements and conditions that go against the spirit of open source.”

In contrast, SpamAssassin’s adoption of the Apache license will allow for the development of antispam technology that integrates features and techniques from a changing roster of programmers.

One of the lead programmers on the SpamAssassin project, Dan Quinlan, noted that there is optimism that the project’s success will result in a wider proliferation of third-party add-ons, which could be added to future releases.

Larger Battle

The fight against spam has become a heated one, prompting the creation of antispam companies and the development of numerous antispam software programs.

While SpamAssassin 3.0 will likely prove as popular as previous versions, there are larger movements to legislate against spam and stop the problem at the source.

As with the Sender ID situation, sometimes these actions hit roadblocks. A recent example is the dissolution of an antispam working group within the Internet Engineering Task Force.

The group had been working to create a standard for mail authentication, but it got shut down due to frequent disagreement among group members and frustration over the difficulties in formulating a single standard.

Although there are many software programs and antispam groups, Gartner research director Arabella Hallawell told LinuxInsider that there is still a long way to go in forming a concrete solution to the problem. She noted that in some ways, open-source antispam has a long road ahead.

“You can get decent detection rates with open-source tools like SpamAssassin,” she said. “But you have to spend time doing it. Sometimes it’s better to get an antispam product that supports many different methods of detection.”

However, she added, there is progress in the field, as long as companies are taking the correct steps. “Basically, organizations have to figure out their policies about spam,” she said. “New products are helpful, but it’s also vital to think about this on a company level, where each enterprise is implementing controls that make sense.”
