[ISN] SpamAssassin sports new open-source license

InfoSec News isn at c4i.org
Thu Sep 23 03:15:15 EDT 2004


By Stephen Shankland 
Staff Writer, CNET News.com
September 22, 2004

Programmers on Wednesday released the new version 3.0 of SpamAssassin,
open-source software for filtering out unwanted e-mail, but the
changes are as much legal as technological.

Project leaders for the widely used software chose to enter the fold
of the Apache Software Foundation to take advantage of the nonprofit
group's legal and technical resources. To make the move, SpamAssassin
had to adopt the Apache License.

Previously, the software was available under a choice of two licenses:  
the General Public License (GPL) that governs Linux and many other
open-source programs and the Perl Artistic License.

Open-source software advocates tout the fact that their programming
philosophy permits large numbers of people to contribute to a project.  
But making the license change illustrated a difficulty of that broad
collaboration: Project leaders had to secure permission from all
programmers who had contributed to SpamAssassin.

"It was fairly difficult and took us about four months to do the brunt
of the work," Dan Quinlan, one of the lead programmers, said via
e-mail. "We had to contact about 100 contributors, get their explicit
permission to relicense the code, and in some cases where we could not
contact a contributor, we had to remove their code and reimplement

The work was worth it, though, he said. The previous dual-license
situation was confusing for handling software contributions, and the
Apache License has "some nice and very reasonable properties," Quinlan
said. "For example, if someone contributes code that is itself
encumbered by their own patent, they can't later sue us over it."

Apache is the most widely used software for hosting Web sites, with 68
percent market share, according to monitoring firm NetCraft. The
Apache Software Foundation is broader, though, governing several
projects including software to process XML messages and run Java

The Apache Software Foundation owns the SpamAssassin source code
copyright, Quinlan said.

Technical changes, too

Version 3.0 of SpamAssassin includes technical changes as well. One
major feature is support for Sender Policy Framework (SPF), a
mechanism to accurately trace e-mail origins to help identify possible

Apache has rejected a broader proposal called Sender ID that
incorporates SPF and a comparable Microsoft technology called Caller
ID for E-mail. Apache objected to Microsoft's licensing terms.

The new SpamAssassin also has a more modular design intended to let
others add new features more easily.

"It makes it really easy to integrate new antispam techniques and
other features into SpamAssassin," Quinlan said. "We hope this will
result in the much wider proliferation of third-party add-ons, and we
expect the best of those to be contributed and added to future
SpamAssassin releases."

SpamAssassin is used in McAfee's SpamKiller software.
