RBL, finally

After years of resisting it (too many legit messages dropped) I have finally implemented the RBL on my mail server. It’s gotten absolutely absurd. I’m dropping almost 90% of all incoming email as spam, and there’s still a significant number of spam messages that make it through every day.

So, that was the first thing I did. Then I added a rule to drop all incoming email from .ru and .kr domains. And finally I added the list at http://www.securitysage.com/files.html of hosts and email addresses that are known spammers.

This is all stuff that postfix will do before it even makes it to SpamAssassin. We’ll see how this affects things. I suppose I don’t have particularly high expectations. But I can already see in the logs that it is dropping some of the connections that I expect it to drop, even before it considers the message itself. So maybe it will actually make a difference.

Oh, yeah, and I discovered one of the reasons that my filters weren’t catching the FLOOD of viagra spam. Turns out that the messages contain HTML comments in the middle of words, causing SpamAssassin to not see the keywords. In fact, the majority of the message was composed of HTML comments. Stuff like `vi<!--jksdfoew-->agra` for example. So I added a rule to SpamAssassin to look for “viagra” with, optionally, HTML comments between any pair of letters. I haven’t seen viagra spam since then.
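The matching idea described above, as an added example in Python (not the author's actual SpamAssassin rule, which the post does not show). The function names and sample bodies are constructed for illustration; it also measures how much of a body is HTML comments, since the post notes that most of each message was.

```python
import re

# One HTML comment. The tempered dot stops at the first "-->", so the
# pattern cannot stretch across visible text sitting between two comments.
COMMENT = r"<!--(?:(?!-->).)*-->"
COMMENT_RE = re.compile(COMMENT, re.DOTALL)

def obfuscated_keyword_regex(keyword):
    """Match `keyword` with zero or more HTML comments between any pair of letters."""
    gap = f"(?:{COMMENT})*"
    pattern = gap.join(re.escape(ch) for ch in keyword)
    return re.compile(pattern, re.IGNORECASE | re.DOTALL)

def comment_ratio(raw_html):
    """Fraction of the raw body (by characters) that is HTML comments."""
    if not raw_html:
        return 0.0
    hidden = sum(len(m.group(0)) for m in COMMENT_RE.finditer(raw_html))
    return hidden / len(raw_html)

def check(raw_html, keyword="viagra"):
    """Report a keyword hit, whether comments split it, and the comment ratio."""
    m = obfuscated_keyword_regex(keyword).search(raw_html)
    return {
        "keyword_hit": m is not None,
        "obfuscated": m is not None and "<!--" in m.group(0),
        "comment_ratio": round(comment_ratio(raw_html), 2),
    }

# Constructed sample bodies (not taken from real mail).
SPAM = ("<html><body>Buy vi<!--jksdfoew-->ag<!--qpz-->ra now"
        "<!--lorem ipsum filler text--></body></html>")
PLAIN = "<p>viagra</p>"
HAM = "<p>Meeting notes <!-- draft --> attached</p>"
# Visible text between the comments: must NOT count as the keyword.
SPLIT_BY_TEXT = "v<!--x--> foo <!--y-->iagra"

if __name__ == "__main__":
    for name, body in [("SPAM", SPAM), ("PLAIN", PLAIN),
                       ("HAM", HAM), ("SPLIT_BY_TEXT", SPLIT_BY_TEXT)]:
        print(name, check(body))
```

The check has to run against the raw HTML body; once comments have been stripped for rendering, the `obfuscated` signal is gone and only the plain keyword remains.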

It amazes me that these people will go to such lengths to send me email when it is obvious by their actions that they *know* I don’t want to get it. That is, they are intentionally and aggressively violating my wishes.