Apache SpamAssassin was created by Justin Mason, who had maintained a number of patches against an earlier program named filter.plx by Mark Jeftovic, which in turn was begun in August 1997.

Mason rewrote all of Jeftovic's code from scratch and uploaded the resulting codebase to SourceForge on April 20, 2001.

The client/server or embedded mode of operation has performance benefits, but under certain circumstances may introduce additional security risks.

Apache SpamAssassin comes with a large set of rules which are applied to determine whether an email is spam or not.

Most rules are based on regular expressions that are matched against the body or header fields of the message, but Apache SpamAssassin also employs a number of other spam-fighting techniques.

Apache SpamAssassin has an internal (configurable) score threshold to classify a message as spam.

For this purpose, Apache SpamAssassin provides the command-line tool sa-learn, which can be instructed to learn a single mail or an entire mailbox as either ham or spam.

Apache SpamAssassin is designed to trigger on the GTUBE, a 68-byte string similar to the antivirus EICAR test file.