I’ve been meaning to get around to this for some time now but just never seem to have the time. With my wife now back at University studying all the time, I have a bit more time to myself.
This is in no way a thorough comparison of the two anti-spam mechanisms I currently use but is just a few current thoughts about the two –
ASSP as I understand it is a set of Perl scripts that proxy mail to your ‘real’ email server identifying spam in the process. As a direct proxy to your live ‘real’ email server, ASSP ceases to function when your ‘real’ email server is down/unavailable. In comparison DSPAM acts a relay (in my set-up), sitting in front of your ‘real’ email server receiving mail, quarantining what it classifies as spam and relaying the rest on to your ‘real’ email server. In this way DSPAM is able to accept email for you and queue it when your ‘real’ email server is actually down/unavailable.
I really like the quarantine aspect of DSPAM, in my current set-up I have ASSP marking spam with a prefixed subject and a server side rule on our ‘real’ email server uses that info to move suspected spam to a subfolder which is therefore skipped on POP3 collections. ASSP in this set-up is therefore similar to DSPAM, YMMV. This is just my set-up and not a property of ASSP though and therefore DSPAM is better in this aspect. DSPAM is also user configurable at this level, a user can specify to have all mail relayed and just have the subject prefixed rather than the quarantine default. DSPAM actually has lots of user configurable settings which is great.
DSPAM is user specific, as mentioned above users have preferences, they also have their own corpus and therefore their own idea of what spam is. One mans spam is another mans email, I suppose.
ASSP is MUCH easier to set-up than DSPAM and as it’s just some Perl scripts it runs on many OS’s including Windows. DSPAM was pretty complex to set-up but in it’s defence I’m no Linux guru and therefore things like this do take a while for me to master.
One of the things I’m finding using DSPAM is that you can do so much to filter out spam before it even reaches DSPAM. I’m using DSPAM with postfix and have quite a few spam prevention measures set-up within postfix that drastically reduce the spam that DSPAM even sees.
I’m yet to upgrade DSPAM to version 3.6 which was recently released, I’m sure the upgrade of the core will go fine, but personally worry about setting up the Apache side of things. My Apache knowledge isn’t great and as it’s all SSL with user authentication this is the reason I’m putting of the upgrade.
Anyway I’m bound to think of more I’d like to say in comparison of these two products and one day I will actually review these ‘notes’ and do a proper comparison. Until then, bare with me 🙂
OSBlues 
August 18, 2006 at 2:01 pm
As there have been a *lot* of development to ASSP lately we hope that you can get to a new comparison again soon. Version 1.2.4 is almost ready now. I guess the version you reviewed here was 1.1.1?
December 19, 2006 at 4:20 pm
You obviously have NO idea what DSPAM is. Either this blog has been hacked or you just don’t understand the difference between DSPAM and ASSP. You got it all wrong.
December 22, 2006 at 7:34 pm
OK, either I’m wrong (which I may be), or I’ve hacked my own blog 😛