SPAM Filtering

I get a lot of SPAM, so I filter it heavily.

Here are the steps involved:

  1. Greylisting in my mail server causes the sender of all messages with a new combination of source-IP, sender address and recipient address to be told to 'try again'. Most spammers won't try again, because they're not running standards-compliant mail servers. Some genuine mail servers are broken or are badly configured, so they don't try again. :-(
  2. My mail server rejects mail from certain domains and IP addresses, as well as mail to certain recipients.
  3. I use TMDA's whitelisting capabilities. Matching messages should be delivered (or bounced) immediately.
  4. Undelivered messages are scanned by Clam AntiVirus. Messages containing viruses are archived for statistical processing. I don't read them.
  5. Remaining messages are processed by SpamAssassin (with a very low threshold). Messages identified as SPAM are archived for statistical processing. I don't read them.
  6. All other messages are held by TMDA. I receive a daily summary of held messages. Therefore, I only encounter (a summary of likely) SPAM once a day, but some messages are delayed for up to 24 hours.
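
The greylisting decision from step 1, as an added example rather than the author's own mail server configuration: a triplet of source IP, sender and recipient is deferred on first sight and accepted once the sender retries after a delay. The class name, the timings and the reply text are assumptions, not values from this page.

```python
import time

# Assumed timings (not from the page); greylisting daemons make these configurable.
MIN_DELAY = 300              # a retry sooner than this is still deferred
RETRY_WINDOW = 4 * 3600      # an unconfirmed triplet is forgotten after this
PASS_LIFETIME = 35 * 86400   # a confirmed triplet stays trusted this long after last use


class Greylist:
    """Greylisting keyed on the (source IP, sender, recipient) triplet."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.pending = {}    # triplet -> time first seen
        self.passed = {}     # triplet -> time last accepted

    def check(self, ip, sender, rcpt):
        """Return the SMTP reply to give at RCPT TO time."""
        now = self.clock()
        # Simplification: addresses are compared case-insensitively.
        key = (ip, sender.lower(), rcpt.lower())

        last_ok = self.passed.get(key)
        if last_ok is not None and now - last_ok <= PASS_LIFETIME:
            self.passed[key] = now
            return "250 OK"
        self.passed.pop(key, None)   # expired entry, start over

        first = self.pending.get(key)
        if first is None or now - first > RETRY_WINDOW:
            # New (or long-forgotten) triplet: tell the sender to try again.
            self.pending[key] = now
            return "451 4.7.1 Greylisted, try again later"
        if now - first < MIN_DELAY:
            # Retried too quickly; keep the original first-seen time.
            return "451 4.7.1 Greylisted, try again later"

        # A standards-compliant server came back after the delay: accept and remember.
        del self.pending[key]
        self.passed[key] = now
        return "250 OK"
```

A sender that never retries stays in `pending` and is never delivered, which is the behaviour the step relies on for spammers and also the reason broken or badly configured genuine servers lose mail.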

Note that I only use TMDA's whitelisting, blacklisting and holding functions. I don't like challenge/response whitelisting systems for email because they generate too many false challenges to forged sender addresses. Therefore, I don't use TMDA's challenge/response functionality. I also don't bother with tagged addresses because my overall anti-SPAM strategy seems to work quite well without them.