Everyone hates spam. I'm doing several things to cut down on spam:
- Using sendmail's anti-relaying rules. This doesn't cut down on my spam,
but keeps spammers from using my system to send out more spam. I've noticed
that RoadRunner does an open relay test on me about once a month, so at least
they're trying to make sure their customers run secure mail servers.
- Greylisting using
causes mail from servers that haven't talked to my mail server recently to
be rejected with a temporary failure. The theory is that real mail servers
will try again, but spam software won't bother. I've been running this since
mid-2006, and it's cut way down on the spam reaches me.
- Filtering locally-deliverable mail through
SpamAssassin, which tags probable
spam messages by adding some headers and altering the subject line and
body. It decides what's spam by giving points to each message for things
common in spam (phrases like "make money fast," or the use of large fonts),
and if the score is above a configurable threshold, it marks the message
- Enabling SpamAssassin's
classifier, which can be trained to learn what spam looks like.
- Enabling Vipul's Razor checks
in SpamAssassin. This checks the "fingerprint" of each message against
Razor's servers to see if anyone has reported the message as spam.
- Enabling DCC checks
in SpamAssassin. This checks each message's fingerprint against the DCC
servers, much like Razor. But with DCC, people don't report whether the message
is spam or not, they just report that they received that message. The DCC
check tells me how many people have received that message before. If the
number of recipients is very large, it's probably spam.
Here's a graph of how much spam I receive: