Rspamd vs SpamAssassin
This comparison helps you understand the key differences between Rspamd and SpamAssassin, the two most popular open-source email filtering solutions. Both are mature, well-maintained projects with active communities, but they take fundamentally different approaches to spam filtering.
Quick Summary
Choose Rspamd if you need:
- High-performance filtering (10-100x faster)
- Modern architecture with async I/O
- Built-in machine learning and neural networks
- Integrated web UI and management API
- Real-time configuration updates
- Native clustering and load balancing
Choose SpamAssassin if you need:
- Drop-in replacement for existing SA infrastructure
- Perl-based plugin ecosystem
- Simpler setup for small installations
- Compatibility with legacy Bayes databases
Detailed Comparison
 |
 |
|
| Architecture & Performance | ||
|---|---|---|
| Written in | C/C++ + Lua | Perl |
| Process model | Event-driven async I/O (libevent) | Pre-forked worker pool |
| Performance (msg/sec/core) | 5-10 messages/sec (500K-1M msg/day per worker) |
0.5-2 messages/sec (50K-200K msg/day per worker) |
| Typical scan time | 50-200ms including network ops | 200ms-2s depending on rules |
| Memory per process | 50-100MB per worker | 30-50MB per worker |
| Concurrent processing | 100+ messages simultaneously per worker | 1 message per worker process |
| DNS queries | Async, non-blocking, parallel | Sequential or limited parallelism |
| Integration & Management | ||
| MTA integration | HTTP/JSON API, Milter, Exim protocol | Spamc/Spamd protocol, Milter (via Amavis) |
| Web interface | Built-in modern SPA Real-time stats, history, training, config |
3rd party solutions only |
| Management API | RESTful HTTP API Full control, metrics, training |
Limited (spamc protocol) |
| Configuration format | UCL (JSON-compatible, typed) Includes, macros, validation |
Custom text format Perl-style syntax |
| Dynamic updates | Zero-downtime reload Maps update without restart |
Requires process restart |
| Monitoring | Prometheus metrics Structured JSON logs |
Syslog, limited metrics |
| Scripting/Plugins | Lua API (LuaJIT) Fast, sandboxed, async support |
Perl plugins Full Perl ecosystem |
| Email Authentication | ||
| SPF | Full implementation | Full implementation |
| DKIM | Verify + Sign Multiple signatures, key caching |
Verify only (sign via external tools) |
| DMARC | Full implementation Policy enforcement + reporting |
3rd party plugins |
| ARC | Verify + Sign Essential for forwarding/lists |
Limited/no support |
| BIMI | Brand indicators support VMC validation |
|
| Content Analysis | ||
| Regular expressions | Hyperscan on x86_64 Multi-pattern matching, very fast |
Perl PCRE |
| Language detection | 60+ languages UTF-8 normalization, CJK support |
UTF-8 support (v4+) Limited language detection |
| HTML parsing | Custom C++ parser Structure analysis, obfuscation detection |
Regex-based rules |
| PDF filtering | Custom parser Metadata & content extraction |
Basic support |
| Phishing detection | Advanced Lookalike domains, URL redirector, external feeds |
Basic URL checks |
| Reputation & Blacklists | ||
| DNS blacklists (RBL) | 50+ preconfigured Async parallel queries |
Standard RBL support |
| URL blacklists (SURBL) | Full support + URL extraction | Full support |
| Custom maps/lists | Dynamic reload HTTP/file maps, regex/glob matching |
Static files Requires restart |
| IP reputation | Built-in learning Automatic scoring from history |
Manual configuration |
| Statistical Classification | ||
| Bayes classifier | 2-word window Better context awareness |
1-word (unigram) |
| Bayes autolearn | Custom Lua rules Token expiry, per-user/language |
Threshold-based |
| Neural networks | Multi-layer perceptron Automatic weight optimization via kann Separate networks by message size |
|
| Fuzzy hashing | Built-in distributed storage Replication, encryption, clustering |
External (Pyzor, DCC, Razor) |
| Razor support | ||
| DCC support | ||
| Pyzor support | ||
| Data Storage Backends | ||
| Redis | Primary backend Sentinel/Cluster support, connection pooling |
Optional (3rd party) |
| SQLite | ||
| MySQL/PostgreSQL | Use Redis instead | |
| File-based | For small setups | |
| Policy & Anti-Abuse | ||
| Greylisting | Built-in Redis-backed, configurable delays |
External (milter-greylist) |
| Rate limiting | Flexible rules By IP, sender, rcpt, user, custom |
External tools |
| Reply tracking | Whitelist replied senders Automatic reputation boost |
|
| Force actions | Per-module control Override scores with policies |
Limited policy control |
| Scalability & Clustering | ||
| Native load balancing | Proxy worker Round-robin, hash-based, least-conn |
External LB required |
| Horizontal scaling | Designed for clustering Shared Redis state |
Manual setup required |
| Configuration sync | Central config repo (Git/Ansible) | Central config repo |
| Inter-node encryption | HTTPCrypt protocol X25519 + XChaCha20-Poly1305 |
TLS/VPN required |
| External Integrations | ||
| Antivirus scanning | Multiple engines ClamAV, Sophos, Kaspersky, etc. |
Via Amavis |
| External services | HTTP callbacks Custom classifiers, GPT integration |
Limited plugin support |
| Analytics/Logging | ClickHouse, Elasticsearch Structured exports |
Syslog, limited structured data |
| Development & Support | ||
| Licence | Apache 2.0 | Apache 2.0 |
| Development activity | Very active Regular releases, new features |
Active Maintenance mode, stable |
| Documentation | Comprehensive Modern, searchable, examples |
Extensive Mature, detailed |
| Community | Discord, Telegram, mailing lists | Mailing lists, IRC, GitHub |
|
|
|
Use Case Recommendations
When to Choose Rspamd
High-volume mail systems (100K+ messages/day):
- Event-driven architecture handles load efficiently
- Single server can replace multiple SpamAssassin servers
- Native clustering and load balancing
Modern infrastructure (containers, cloud, microservices):
- Stateless workers with Redis for state
- HTTP/JSON API for easy integration
- Prometheus metrics and structured logging
- Docker/Kubernetes friendly
Advanced filtering needs:
- Machine learning (neural networks, adaptive scoring)
- Complex policy enforcement (rate limiting, greylisting)
- Real-time updates without downtime
- Custom Lua plugins for specific requirements
Operational excellence:
- Built-in web UI for monitoring and management
- RESTful API for automation
- Zero-downtime configuration reloads
When to Choose SpamAssassin
Existing SpamAssassin deployments:
- Already have tuned SA rules and configurations
- Large existing Perl plugin codebase
- Upgrade from older SA versions
Low-volume mail systems (< 10K messages/day):
- Simpler setup, fewer moving parts
- No Redis requirement
- File-based storage is sufficient
Perl expertise:
- Team has strong Perl skills
- Need to leverage Perl ecosystem
- Custom Perl plugins already developed
Specific plugin requirements:
- Need Pyzor support
- Require specific SA plugins not in Rspamd
Migration Path
If you're migrating from SpamAssassin to Rspamd:
- Parallel deployment: Run both systems in header-only mode to compare results
- Retrain statistical classifiers: Bayes databases are not compatible; retrain with your mail corpus
- Rule conversion: Most SA rules have Rspamd equivalents; some custom rules may need Lua conversion
- Performance tuning: Start with default config, tune based on your mail patterns
- Gradual transition: Move users/domains incrementally once confident
See the SpamAssassin migration guide for detailed instructions.
Performance Comparison
Real-world performance metrics from production deployments:
| Metric | Rspamd | SpamAssassin | Improvement |
|---|---|---|---|
| Messages/sec/core | 5-10 | 0.5-2 | 10-20x faster |
| Scan time (typical) | 50-200ms | 200ms-2s | 4-10x faster |
| Concurrent connections | 100+ per worker | 1 per worker | 100x better |
| Memory efficiency | 50-100MB/worker | 30-50MB/worker | Similar |
| Setup complexity | Moderate | Simple to Moderate | Depends on scale |
Conclusion
Both Rspamd and SpamAssassin are excellent spam filtering solutions, but they target different use cases:
- Rspamd is the modern choice for high-performance, scalable deployments with advanced features and machine learning
- SpamAssassin remains a solid choice for smaller deployments and organizations with existing SA infrastructure
For new deployments or high-volume systems, Rspamd offers significant advantages in performance, features, and operational capabilities. For existing SpamAssassin users with low-volume requirements, staying with SA may be the path of least resistance.
Note: DSPAM, previously included in this comparison, is no longer actively maintained and is not recommended for new deployments.