Did you know SpamAssassin sends
data offsite? I only noticed while debugging why spamassassin
sometimes takes a full minute to classify a message.
I'm having a hard time finding a full human-readable list of what it does, but if you have the source I think grep 'tflags.*net' rules/* gives you a dump. It at least does a bunch of DNS lookups and checks against Vipul's Razor, DCC, and Pyzor. I don't think SpamAssassin is evil. I am surprised that it does network checks by default. There's the obvious privacy issue. And network overhead can be high, particularly with 60 second timeouts. It seems like spamassassin installations are vulnerable to denial of service; if an attacker can cause all spamassassin installations to wait 60 seconds to classify every email, it could cause chaos in mail delivery. But network-based checks can be really useful. The DNS heuristics look great and the collaborative spam databases are a real solution to the spam problem. There's an obvious commercial opportunity here. For now I'm leaving network checks on. If you want, you can turn network checks off with the flag --local. |