Here's another trick I'm experimenting with using my penalty box idea.
If an IP is listed with spamhaus - I just block them at connect time
because I trust them. But - there are several other lists that are 99%
accurate - but just not good enough to trust to block email. So - with
those lists I accept one message every 5 minutes - running the message
through SpamAssassin - but for the rest of the 5 minute period I
temporarily block it - returning temp errors.
I also do this if reverse DNS fails.
If the message is a real email it will retry and get through if there is
more than one coming from that IP. If it's just one and it's not spam it
gets right through. But - if there are 2 or more from blacklisted IP
addresses or no reverse lookup - then the others are delayed with defer.
Again - it's not about accuracy - it's about load reduction.
Also - I have a classification of spam I call low scoring spam. High
scoring spam I bounce or drop. But low scoring spam I tag as probably
spam and pass it. But - the low scoring spam puts the from address in
the 5 minute penalty box so if the spammer has managed to barely sneak
past the spam filter with one message - the other messages in the 5
minute window are deferred hoping that the successful spammer won't come
back and retry the deferred messages. That would actually cut some spam out.
--
Marc Perkel - marc@???
Spam Filter: http://www.junkemailfilter.com
My Blog: http://marc.perkel.com
My Religion: http://www.churchofreality.org
~ "If it's real - we believe in it!" ~
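
The policy described in the message above, modelled as a small decision function. This is an added example, not code from the original post or from any particular mail server. The class and method names, the score thresholds (5.0 and 10.0) and the sample addresses are assumptions made for illustration.

```python
WINDOW = 300  # seconds: the 5 minute penalty period from the post


class PenaltyBox:
    """Connect-time and post-scan policy; score thresholds are assumed values."""

    def __init__(self, low_score=5.0, high_score=10.0):
        self.low_score = low_score
        self.high_score = high_score
        self.boxed = {}  # ("ip" | "from", value) -> time the penalty expires

    def _in_box(self, kind, value, now):
        return self.boxed.get((kind, value), 0) > now

    def check(self, ip, sender, now, trusted_bl=False, soft_bl=False, rdns_ok=True):
        """Return 'reject', 'defer' or 'accept' before any content scanning."""
        if trusted_bl:
            return "reject"  # trusted list: block at connect time
        if self._in_box("from", sender, now):
            return "defer"  # this from address recently passed low scoring spam
        if soft_bl or not rdns_ok:
            if self._in_box("ip", ip, now):
                return "defer"  # one message already accepted in this window
            # Accept this one; later messages from the IP get a temp error.
            self.boxed[("ip", ip)] = now + WINDOW
        return "accept"  # message goes on to the content filter

    def after_scan(self, sender, score, now):
        """Return 'drop', 'tag' or 'deliver' once the content filter has scored."""
        if score >= self.high_score:
            return "drop"  # high scoring spam: bounce or drop
        if score >= self.low_score:
            # Low scoring spam is tagged and passed, but the from address
            # goes into the penalty box for the next 5 minutes.
            self.boxed[("from", sender)] = now + WINDOW
            return "tag"
        return "deliver"


if __name__ == "__main__":
    pb = PenaltyBox()
    # Constructed events: (time in seconds, IP, from address, on a 99% list?)
    for t, ip, frm, soft in [(0, "198.51.100.7", "a@example.org", True),
                             (60, "198.51.100.7", "b@example.org", True),
                             (300, "198.51.100.7", "b@example.org", True)]:
        print(t, ip, pb.check(ip, frm, t, soft_bl=soft))
```

Deferrals do not extend the window here: the penalty runs from the accepted message only, so a legitimate sender that retries after 5 minutes gets through.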