"Out of the box", SpamAssassin alone is an excellent tool for determining whether a message is spam. Each release of SA ships with a set of known characteristics that serve as the default basis for classifying a message as spam or not.
However, as the saying goes, "one man's garbage is another man's treasure", and what you may consider spam, I might consider vital information. For example, I specifically signed up for offers from various companies the last time I registered at usps.com that I was moving to a new location. My Inbox suddenly had extra Emails about buying furniture, going to my local handyman store, etc. After a few days, I realized that I didn't want these messages any more.
Not wanting something you originally signed up for doesn't classify it as spam; it just makes it 'unwanted'. So I clicked on the 'unsubscribe' links in each one, and that was that: the reputable businesses took care of my unsubscribe requests and I haven't received any more messages from them. Some businesses, however, are less than reputable, and only use the unsubscribe links to validate that a human being actually read the message, then turn around and sell your Email address as a known human-read address for others to spam.
Two weeks ago, completely unrelated to the USPS sign-up I had done, an Email appeared in my Inbox from someone claiming to be a bank that I've never heard of, telling me that my online banking access was limited and that I needed to log in at the URL provided to restore my access. This is a typical "phishing" scheme, and is definitely a 'spam' message I want to avoid getting in the future.
By training SA that the original furniture Emails are 'ham' and the phishing message is 'spam', SA starts to learn about my Email habits, and can better determine next time whether a message is likely to be spam or not. For example, I flagged the phishing message as spam, and have seen a handful of other identical messages automatically end up in my spam box because SA successfully filtered them for me.
Now, since some of us are prone to getting more spam messages than legitimate messages, it would be easy to overload SpamAssassin with nothing but spam and have it learn what kinds of messages we do not want. However, like most things in life, we need to strike a balance, and to even things out we need to train SpamAssassin with the kinds of messages we *do* want to receive as well.
In training SA, the training application will dissect a message and build bits and pieces into 'tokens'. These tokens could consist of characteristics like time of day the message was sent, the From address, whether the From address matches the Email header for where it really came from, the IP addresses it bounced around on the Internet before getting to my hosting account, the subject line, and the body of the message itself.
It's important to note, however, that the training you do will affect each user on your domain. SpamAssassin's interface with cPanel does not allow individual Email addresses to have their own spam/ham training. SA will simply scan all of the messages in the spam folder, then all messages in the ham folder, and those tokens will be used for EVERY USER ON YOUR DOMAIN.
For example, suppose you had 10 users, and 9 of them said an Email from a major retail chain was spam, but one user said it was legitimate. Because the scripts (on purpose) scan the spam filter first, SA will learn from the 1 user who thought the message was *ham* and use those tokens for all users the next time a message comes in from that retailer. For this reason, it's important to educate your users (covered later) about how to handle spam and ham.
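The 9-to-1 scenario above can be modelled in a few lines. This Python sketch is an added illustration, not SpamAssassin's or cPanel's code; the `DomainBayes` class, its tokenizer, the message ids and the forget-then-relearn handling of an already-seen message are assumptions of the model.

```python
import re
from collections import Counter

class DomainBayes:
    """Toy model of one token database shared by every mailbox on a domain."""
    def __init__(self):
        self.tokens = {"spam": Counter(), "ham": Counter()}
        self.seen = {}  # message id -> class it is currently learned as

    @staticmethod
    def tokenize(msg):
        # Model assumption: tokens are the From address plus lowercased words.
        words = re.findall(r"[a-z0-9']+", (msg["subject"] + " " + msg["body"]).lower())
        return {"from:" + msg["from"].lower()} | set(words)

    def learn(self, msg, label):
        toks = self.tokenize(msg)
        prev = self.seen.get(msg["id"])
        if prev == label:
            return  # already learned this way; nothing changes
        if prev is not None:
            self.tokens[prev].subtract(toks)  # forget the earlier verdict
        self.tokens[label].update(toks)
        self.seen[msg["id"]] = label

    def train(self, mailboxes):
        # Order described above: every spam folder first, then every ham folder.
        for label in ("spam", "ham"):
            for box in mailboxes:
                for msg in box[label]:
                    self.learn(msg, label)

    def verdict(self, msg):
        toks = self.tokenize(msg)
        s = sum(self.tokens["spam"][t] for t in toks)
        h = sum(self.tokens["ham"][t] for t in toks)
        return "spam" if s > h else "ham"

def demo():
    # Constructed data: ten users' copies of one mailing, assumed to share an id.
    promo = {"id": "promo-1", "from": "deals@retailer.example",
             "subject": "Weekend sale", "body": "Save on furniture this weekend"}
    boxes = [{"spam": [promo], "ham": []} for _ in range(9)]
    boxes.append({"spam": [], "ham": [promo]})  # the one user who wants it
    db = DomainBayes()
    db.train(boxes)
    followup = dict(promo, id="promo-2", subject="Sale extended")
    return db.seen["promo-1"], db.verdict(followup)
```

In this model the single ham filing, processed last, replaces the nine spam filings, so the retailer's next mailing scores as ham for all ten users.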
