SpamAssassin sports new open-source license

Open-source spam blocker gets legal makeover with switch to Apache license. Oh, and tech upgrades.

Stephen Shankland principal writer
Stephen Shankland has been a reporter at CNET since 1998 and writes about processors, digital photography, AI, quantum computing, computer science, materials science, supercomputers, drones, browsers, 3D printing, USB, and new computing technology in general. He has a soft spot in his heart for standards groups and I/O interfaces. His first big scoop was about radioactive cat poop.
Expertise processors, semiconductors, web browsers, quantum computing, supercomputers, AI, 3D printing, drones, computer science, physics, programming, materials science, USB, UWB, Android, digital photography, science Credentials
  • I've been covering the technology industry for 24 years and was a science writer for five years before that. I've got deep expertise in microprocessors, digital photography, computer hardware and software, internet standards, web technology, and other dee
Stephen Shankland
2 min read
Programmers on Wednesday released the new version 3.0 of SpamAssassin, open-source software for filtering out unwanted e-mail, but the changes are as much legal as technological.

Project leaders for the widely used software chose to enter the fold of the Apache Software Foundation to take advantage of the nonprofit group's legal and technical resources. To make the move, SpamAssassin had to adopt the Apache License.

Previously, the software was available under a choice of two licenses: the General Public License (GPL) that governs Linux and many other open-source programs and the Perl Artistic License.

Open-source software advocates tout the fact that their programming philosophy permits large numbers of people to contribute to a project. But making the license change illustrated a difficulty of that broad collaboration: Project leaders had to secure the permission from all programmers who had contributed to SpamAssassin.

"It was fairly difficult and took us about four months to do the brunt of the work," Dan Quinlan, one of the lead programmers, said via e-mail. "We had to contact about 100 contributors, get their explicit permission to relicense the code, and in some cases where we could not contact a contributor, we had to remove their code and reimplement it."

The work was worth it, though, he said. The previous dual-license situation was confusing for handling software contributions, and the Apache License has "some nice and very reasonable properties," Quinlan said. "For example, if someone contributes code that is itself encumbered by their own patent, they can't later sue us over it."

Apache is the most widely used software for hosting Web sites, with 68 percent market share, according to monitoring firm NetCraft. The Apache Software Foundation is broader, though, governing several projects including software to process XML messages and run Java programs.

The Apache Software Foundation owns the SpamAssassin source code copyright, Quinlan said.

Technical changes, too
Version 3.0 of SpamAssassin includes technical changes as well. One major feature is support for Sender Policy Framework (SPF), a mechanism to accurately trace e-mail origins to help identify possible spam.

Apache has rejected a broader proposal called Sender ID that incorporates SPF and a comparable Microsoft technology called Caller ID for E-mail. Apache objected to Microsoft's licensing terms.

The new SpamAssassin also has a more modular design intended to let others add new features more easily.

"It makes it really easy to integrate new antispam techniques and other features into SpamAssassin," Quinlan said. "We hope this will result in the much wider proliferation of third-party add-ons, and we expect the best of those to be contributed and added to future SpamAssassin releases."

SpamAssassin is used in McAfee's SpamKiller software.