From EZP Knowledge Base

SpamAssassin is a server side software that tries to identify potential spam emails. SpamAssassin does not delete spam messages, rather it simply tags them for you and leaves it up to you what you do with them. It uses a scoring system to determine what email messages deserve to be flagged as spam - in other words, the more "spammy" characteristics an email has, the the higher it's score is. Emails with high enough scores with the spam flag prize!

How does it work? Well... if they told us exactly how it worked, the spammers would be able to get around it. So instead they give us a general comment like " SpamAssassin uses a wide variety of local and network tests to identify spam signatures. This makes it harder for spammers to identify one aspect which they can craft their messages to work around.". Which makes sense. And in our experience, SpamAssassin is generally quite accurate, generating few false positives (good emails tagged as spam) and few false negatives (spam email not tagged as spam). With the volume of spam we all receive today, just about any tool to reduce it is a good thing (I think Martha has copyrighted that line).

One very neat thing I have noticed is that my Thunderbird email client has a specific options for trusting junk email headers set by SpamAssassin. I don't use Outlook but I would bet they have a similar option. This is great because I just have all SpamAssassin flagged mail sent to my junk folder for later review. Of course, I could always have my Thunderbird delete SpamAssassin flagged emails, but personally I am not comfortable deleting email without a human review.