For a long time, I’ve been using Postfix as my mail server, and it has a pretty good reputation for reducing spam simply using various header and RFC checks. After throwing blacklists into the mix, and without any other tool such as SpamAssassin, I had reduced spam by roughly 80-90%. But that still meant about a dozen succeeded in reaching my inbox, and the ratio was slowly increasing thanks to the recent vast deluge of pump-and-dump scams, so I decided I needed a solution.
Enter greylisting. Now any spam that manages to elude the blacklists gets bounced for a period of five minutes. In those five minutes, the blacklists will either be updated to include the source, or the spammer will fail to resend the spam from the same IP address. I installed postgrey–the slightly beefier greylisting system for postfix–yesterday, and for the entire day of January 24th, I received one spam. Yesterday was an unusually high email volume for me, resulting in 15 legitimate messages out of roughly 180 attempts. Of those, postgres and blacklists captured 163, and greylisting thwarted another 19.
Remember, I’m just one person. Sure I have half a dozen email aliases all pointing to me, but 92% spam seems indicative of deeper issues with the internet in general. I would hate to be an ISP or hosting provider these days. What we need in these trying times are spam-bounty-hunters, who would quickly become very rich as practically everyone with a computer immediately accosted them with sacks of cash. Send spam? Instant death! I think that would provide enough of a deterrent eventually. It’s certainly cheaper than all the computers and bandwidth ISPs are forced to buy to handle the volume. Who’s with me?