{"id":1254,"date":"2008-10-17T10:04:12","date_gmt":"2008-10-17T14:04:12","guid":{"rendered":"http:\/\/blogs.n1zyy.com\/n1zyy\/?p=1254"},"modified":"2008-10-17T10:04:12","modified_gmt":"2008-10-17T14:04:12","slug":"spam-5","status":"publish","type":"post","link":"https:\/\/blogs.n1zyy.com\/n1zyy\/2008\/10\/17\/spam-5\/","title":{"rendered":"Spam"},"content":{"rendered":"<p>It almost seems like the amount of spam I get has been decreasing:<\/p>\n<img decoding=\"async\" src=\"http:\/\/ttwagner.com\/cgi-bin\/mailgraph.cgi?3-e\" \/>\n<p>The labels on that graph are deceptive; the &#8220;spam&#8221; and &#8220;virus&#8221; labels refer to things measured with a tool I don&#8217;t use, and mail shouldn&#8217;t be bounced; that refers to an initial configuration error. But the number of rejected e-mails is the volume of spam. (Technically, it&#8217;d include mail sent to non-existent addresses&#8230; But the only people who&#8217;ve done that are spammers.)<\/p>\n<p>Oh, and check out my <a href=\"http:\/\/n1zyy.com\/n1zyy\/spam.php\">spam map<\/a>, which I threw together a while ago. It uses <a href=\"http:\/\/www.maxmind.com\/app\/geolitecountry\">MaxMind&#8217;s databases<\/a> of IP-to-country mappings to determine the country each message originates from, counts the number of entries for each country, and then plots it using the <a href=\"http:\/\/code.google.com\/apis\/chart\/\">Google Chart API<\/a>. It has a rather distinctive shape, but for those of you wondering about that dark blue one in the Middle East, it&#8217;s Turkey, and it&#8217;s topped the list of spammers for a while now, for some reason. Russia is also a pretty notable spammer, as is, of course, China. But you can see that spam is hardly a problem that comes from just a few countries: the US is a fairly dark shade of blue, as are quite a few South American nations.<\/p>\n<p>I&#8217;m increasingly wanting to write my own plugin for Postfix. 
Currently, my mailbox doesn&#8217;t get any spam, but one mailbox on another domain gets a small volume, maybe one message a week. SpamAssassin catches it (usually giving it a score of something like 25, with a score of 5 being needed to classify it as spam), but SpamAssassin takes a couple seconds for each message. (Much of this, actually, is that it goes off and queries several DNSBLs, so it&#8217;s waiting on remote servers to respond.)<\/p>\n<p>There are two things that are actually very effective against spam that I don&#8217;t use: rejecting mail based on DNS blacklists, and requiring HELOs to be fully-qualified domain names. The trouble with the former is that historically, many blacklists have gotten full of themselves and started listing whole networks, aiming for &#8220;collateral damage&#8221; to make companies get rid of spammers, but causing mailservers to reject innocent mail. Requiring HELOs to be FQDNs caught way more spam than I&#8217;d have expected, but I grew concerned that, strictly speaking, it didn&#8217;t set spammers apart: a not-so-hotly configured legitimate mailserver could identify itself with a short name (&#8220;exchange1&#8221; instead of &#8220;exchange1.example.com&#8221; for example).<\/p>\n<p>What SpamAssassin (the software that scans the body of a message for &#8216;spamminess&#8217; after it&#8217;s accepted) does is scoring. It does lots and lots of checks, and each check has a predefined score. Some things only increment the score a tiny bit, others increment it a lot. Some actually decrease the score, when it identifies things that usually occur only in non-spam. I want to write a plugin for Postfix that does that. Being in <a href=\"http:\/\/www.spamhaus.org\/\">Spamhaus<\/a>&#8217; blacklists might increase your score by 3, whereas the <a href=\"http:\/\/www.dnswl.org\/\">DNSWL<\/a> would be -10. 
A site known for being a little more aggressive, like <a href=\"http:\/\/www.uceprotect.net\/en\/index.php\">UCE-Protect<\/a>, might be +1.5 or so. A non-FQDN HELO might be +2.5. And then I can route mail accordingly. Anyone with a negative score would be accepted and automatically whitelisted; anyone over 5 would be rejected and blacklisted, and anything in between would just be accepted. I&#8217;m actually surprised this sort of thing doesn&#8217;t exist. You can get very accurate results anyway, but I find it hard to believe that the idea of &#8220;scoring&#8221; mail during the SMTP session itself is something I invented.<\/p>","protected":false},"excerpt":{"rendered":"<p>It almost seems like the amount of spam I get has been decreasing: The labels on that graph are deceptive; the &#8220;spam&#8221; and &#8220;virus&#8221; labels refer to things measured with a tool I don&#8217;t use, and mail shouldn&#8217;t be bounced; &hellip; <a href=\"https:\/\/blogs.n1zyy.com\/n1zyy\/2008\/10\/17\/spam-5\/\">Continue reading <span 
class=\"meta-nav\">&rarr;<\/span><\/a><\/p>","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-1254","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/blogs.n1zyy.com\/n1zyy\/wp-json\/wp\/v2\/posts\/1254","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.n1zyy.com\/n1zyy\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.n1zyy.com\/n1zyy\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.n1zyy.com\/n1zyy\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.n1zyy.com\/n1zyy\/wp-json\/wp\/v2\/comments?post=1254"}],"version-history":[{"count":0,"href":"https:\/\/blogs.n1zyy.com\/n1zyy\/wp-json\/wp\/v2\/posts\/1254\/revisions"}],"wp:attachment":[{"href":"https:\/\/blogs.n1zyy.com\/n1zyy\/wp-json\/wp\/v2\/media?parent=1254"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.n1zyy.com\/n1zyy\/wp-json\/wp\/v2\/categories?post=1254"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.n1zyy.com\/n1zyy\/wp-json\/wp\/v2\/tags?post=1254"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}