spamassassin

SpamAssassin is an open-source email spam and malware-adjacent filtering system. It scores incoming email using configurable rules (e.g., Bayesian learning, DNS-based checks, and pattern/rule matching) and can produce a classification result (spam/ham) and add headers for downstream processing.

Evaluated Apr 04, 2026 (22d ago)
Homepage ↗ Repo ↗ Security email spam-filtering mail-security open-source rules-engine
⚙ Agent Friendliness
26
/ 100
Can an agent use this?
🔒 Security
33
/ 100
Is it safe for agents?
⚡ Reliability
38
/ 100
Does it work consistently?

Score Breakdown

⚙ Agent Friendliness

MCP Quality
0
Documentation
20
Error Messages
0
Auth Simplicity
100
Rate Limits
0

🔒 Security

TLS Enforcement
40
Auth Strength
10
Scope Granularity
0
Dep. Hygiene
55
Secret Handling
70

As a local filtering engine, it avoids API-based auth but security hinges on deployment practices (mail transport security, sandboxing where applicable, protecting learning databases/config). TLS enforcement for any network interactions is not clearly specified here. Dependency hygiene is unknown from the provided information; score is conservative.

⚡ Reliability

Uptime/SLA
0
Version Stability
60
Breaking Changes
40
Error Recovery
50
AF Security Reliability

Best When

You have control of an MTA/MDA or mail pipeline and want a configurable, on-prem spam-scoring engine.

Avoid When

You need a managed SaaS with a REST/GraphQL API, OAuth, rate limits, and webhooks out of the box.

Use Cases

  • On-prem or self-hosted email spam filtering
  • Scoring and flagging suspicious emails for ticketing/relay systems
  • Integrating rule-based email classification into existing mail pipelines
  • Running Bayesian or rule-based tuning for a specific organization/domain

Not For

  • Replacing a full anti-malware sandbox for attachments
  • Real-time phishing prevention without additional controls (MTA rules, URL rewriting, user training)
  • Providing a hosted API service for developers (it’s primarily a mail-filtering engine)

Interface

REST API
No
GraphQL
No
gRPC
No
MCP Server
No
SDK
No
Webhooks
No

Authentication

Methods: None (local/self-hosted)
OAuth: No Scopes: No

No platform authentication model is indicated; authentication is typically handled by the local deployment/middleware (e.g., mail server access), not by a SpamAssassin API.

Pricing

Free tier: No
Requires CC: No

Self-hosted open-source; costs are infrastructure/ops and any supporting services.

Agent Metadata

Pagination
none
Idempotent
False
Retry Guidance
Not documented

Known Gotchas

  • No first-class agent-friendly network API to call; an agent would typically need to operate by editing config, invoking CLI/tools, or integrating with an MTA.
  • Behavior is highly dependent on configuration (rules, DNS/RBLs, bayes DB state), so reproducibility requires careful config/version control.

Alternatives

Rspamd Apache James + spam filtering components MailCleaner MailScanner Cloud email security gateways (vendor SaaS)

Full Evaluation Report

Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for spamassassin.

AI-powered analysis · PDF + markdown · Delivered within 30 minutes

$99

Package Brief

Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.

Delivered within 10 minutes

$3

Score Monitoring

Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.

Continuous monitoring

$3/mo
API endpoint ↗ Agent guide ↗ Report inaccuracy

Scores are editorial opinions as of 2026-04-04.

8642
Packages Evaluated
17761
Need Evaluation
586
Need Re-evaluation
Community Powered