
AntiSpam & Antivirus Solution for Sendmail

July 10, 2007 4:22 PM

Spam, spam, spam. No, not the famous Monty Python skit or that canned substance I ate in summer camp. I'm talking about those penis enlarging emails, lottery winnings, and hot stock tips that arrive in your mailbox daily. Though there are tons of solutions out there, we've found one that is working reasonably well (>95%) for us: DSPAM.

With an old domain name and our email addresses spread about the net for years, we get a fair amount of spam. We used to use a great product called MailScanner, but over time its effectiveness began to wane. MailScanner relies on SpamAssassin, which can work great, but we simply grew tired of updating its rules, chasing false positives and other issues. So I started hunting for a new solution, and I found it in DSPAM.

DSPAM is a bit different from other spam tools in that it is not "rule-based": there are no rule sets to download and update. It is a statistical filter. You train it by classifying messages as spam or not, it builds up per-user token statistics from that mail, and it uses those statistics to score new messages. The flip side is that the training never really ends: every misclassification should be fed back to DSPAM so it can correct itself.

Adaptive learning is highly effective when a mailbox receives a narrow range of legitimate mail. For example, our billing and support accounts get very specific types of good email. DSPAM can quickly zero in on what the good and the bad stuff look like and start delivering 90% or better accuracy after a few hundred messages.

Along with DSPAM, we wanted an anti-virus solution as well. For a while we ran MailScanner in front of DSPAM, but that was rather heavy-handed, and I did not want another piece of software to manage. I found our solution in the ClamAV milter for sendmail. Using this milter (mail filter), we now have in-line anti-virus scanning within sendmail, at SMTP time. (There is also an option to have DSPAM scan for viruses, but I did not find it until after looking at the milter solutions.)

So at this point I had DSPAM for anti-spam and ClamAV for anti-virus. I was pretty happy with the results, but we were still getting certain classes of spam, such as mail written in Japanese character sets, that I wanted to eliminate.

I started looking into character-set based milters. There are a number of recipes out there; I put in filters to reject specific problematic character sets. These filters are nice because they block the email outright: rather than tagging or silently dropping it, they return an error to the sender that says "we don't accept your charset". The only issue is that some spammers are more clever than most and put the email body in a multipart message. The charset is then declared on each inner MIME part rather than on the top-level Content-Type header, so a filter that only inspects the outer header lets these unwanted charsets slip through.
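Here is an added example (not the milter we use, and not any published recipe) that shows the caveat above in code: a Python check that walks every MIME part and every encoded-word header for a declared charset, beside the naive outer-header check that the multipart trick defeats. The block list and the three sample messages are assumptions constructed for the example, not captured mail.

```python
"""Charset rejection that inspects every MIME part, not just the outer header.

Added example for this post; it is not rackAID's milter or any published
recipe. BLOCKED_CHARSETS is an assumed list picked to match the post's
example of Japanese-character spam, and the three messages below are
constructed samples, not captured mail.
"""
import email
from email.header import decode_header

# Assumed block list (lower-case). Put the charsets you never want to accept here.
BLOCKED_CHARSETS = {"iso-2022-jp", "shift_jis", "euc-jp"}


def top_level_charset(raw: bytes):
    """What a naive filter sees: only the charset on the outermost Content-Type.
    A multipart/* container declares a boundary, not a charset, so this
    returns None and the message slips through."""
    return email.message_from_bytes(raw).get_content_charset()


def charsets_in_message(raw: bytes) -> set:
    """Collect every charset declared anywhere in the message: the
    Content-Type of each MIME part (walk() descends into nested multiparts)
    and the RFC 2047 encoded words (=?charset?B?...?=) in Subject and From."""
    msg = email.message_from_bytes(raw)  # default compat32 policy keeps headers raw
    found = set()
    for part in msg.walk():
        cs = part.get_content_charset()
        if cs:
            found.add(cs.lower())
    for name in ("Subject", "From"):
        value = msg.get(name)
        if value:
            for _text, cs in decode_header(value):
                if cs:
                    found.add(cs.lower())
    return found


def reject_reason(raw: bytes, blocked=BLOCKED_CHARSETS):
    """Return the SMTP reply a milter would send back to the sender, or None
    to accept. Rejecting at SMTP time (rather than tagging or dropping) is what
    the post describes: the sender gets an error instead of silent loss."""
    hits = sorted(charsets_in_message(raw) & blocked)
    if not hits:
        return None
    return "554 5.7.1 We do not accept mail in charset %s" % ", ".join(hits)


# Constructed samples (not real mail).
HAM = b"""From: client@example.org
To: support@example.com
Subject: invoice question
Content-Type: text/plain; charset=us-ascii

Hello, could you resend invoice 1042?
"""

# Charset declared in the outer header and in the Subject: the easy case.
SIMPLE_SPAM = b"""From: sender@example.net
To: billing@example.com
Subject: =?iso-2022-jp?B?SGVsbG8=?=
Content-Type: text/plain; charset=iso-2022-jp

body
"""

# The trick the post describes: the outer header is multipart with no charset;
# the unwanted charset appears only on an inner part.
MULTIPART_SPAM = b"""From: sender@example.net
To: billing@example.com
Subject: special offer
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="part-boundary"

--part-boundary
Content-Type: text/plain; charset=us-ascii

plain-text decoy
--part-boundary
Content-Type: text/html; charset=shift_jis
Content-Transfer-Encoding: base64

PGh0bWw+b2ZmZXI8L2h0bWw+
--part-boundary--
"""


if __name__ == "__main__":
    for name, raw in (("ham", HAM), ("simple spam", SIMPLE_SPAM), ("multipart spam", MULTIPART_SPAM)):
        print("%-15s outer=%-12s all=%s -> %s" % (
            name, top_level_charset(raw), sorted(charsets_in_message(raw)), reject_reason(raw)))
```

Run it and the multipart sample shows the gap: the outer check reports no charset at all, while the walk finds shift_jis on the HTML part and rejects. A real milter would do the same walk over the body it is handed at end-of-message and return SMFIS_REJECT with that reply.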

Looking for even more gains, I turned on sendmail's greet_pause feature. It works by holding back the SMTP greeting banner (the 220 line) for a configured number of milliseconds, e.g. FEATURE(`greet_pause', `5000') in sendmail.mc. A well-behaved mail server waits for that banner before sending HELO/EHLO. A lot of viruses and spam bots don't bother with this courtesy and start talking immediately, and sendmail rejects any session that sends a command before it has been greeted. Hosts that should be exempt, such as your own relays, can be listed with GreetPause: entries in the access map.
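As an added illustration (a simulation in Python, not sendmail's own code), here is the exchange greet_pause enforces, with both sides' messages: the server holds the 220 banner, a compliant MTA waits for it, and a bot that sends HELO first is rejected. The pause length, host names and reply text are assumed values, and the two clients are constructed stand-ins for a real MTA and a spam bot.

```python
"""A miniature greet_pause: delay the SMTP banner and reject any client that
speaks first.

Added example; it is a simulation of the behaviour the post turns on, not
sendmail's code. The pause, host names and replies are assumed values, and
the two clients are constructed stand-ins for a real MTA and a spam bot.
"""
import select
import socket
import threading

GREET_PAUSE = 0.2  # seconds here; sendmail's greet_pause takes milliseconds


def server_side(sock, pause=GREET_PAUSE):
    """Wait `pause` seconds before sending the 220 banner. If anything
    arrives during the pause the client is talking before it was greeted,
    which is what sendmail treats as pre-greeting traffic and rejects."""
    readable, _, _ = select.select([sock], [], [], pause)
    if readable:
        early = sock.recv(1024)
        sock.sendall(b"554 5.7.0 Command rejected: pre-greeting traffic\r\n")
        sock.close()
        return "rejected", early
    sock.sendall(b"220 mail.example.com ESMTP ready\r\n")
    helo = sock.recv(1024)
    sock.sendall(b"250 mail.example.com Hello\r\n")
    sock.close()
    return "greeted", helo


def polite_client(sock):
    """An RFC-compliant MTA: read the banner, then send HELO."""
    banner = sock.recv(1024)
    sock.sendall(b"HELO relay.example.org\r\n")
    reply = sock.recv(1024)
    sock.close()
    return banner, reply


def impatient_bot(sock):
    """A spam bot that fires HELO immediately, without waiting for 220."""
    sock.sendall(b"HELO bot\r\n")
    reply = sock.recv(1024)
    sock.close()
    return reply


def run_session(client):
    """Connect a client function to the server over a local socket pair
    (no network needed); returns what each side saw."""
    server_end, client_end = socket.socketpair()
    outcome = {}
    t = threading.Thread(target=lambda: outcome.update(server=server_side(server_end)))
    t.start()
    outcome["client"] = client(client_end)
    t.join()
    return outcome


if __name__ == "__main__":
    for name, fn in (("polite MTA", polite_client), ("impatient bot", impatient_bot)):
        print(name, run_session(fn))
```

The polite client costs nothing but the pause; the bot never gets a banner, only the 554, which is why the feature catches ratware that pipelines blindly while leaving real MTAs alone.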

I am still looking around for more add-ons. One solution we've worked with is an internal RBL (realtime blacklist) that we maintain ourselves. I don't like using third-party RBLs, because we often have potential clients contact us precisely because their IP is on one. With an internal list (for example, Connect: entries in sendmail's access map), we control what gets blocked. I can block IPs based on geography, e.g. China, or other criteria. If I find a good management tool for this list, it could further improve our spam filtering.

This is an ongoing project. I am much indebted to the great information over at Acme.com. They have a lot of great mail filtering tips.

A key thing here is that every little step helps. While DSPAM tags and quarantines a significant portion of the spam, we are able to block about 10% of it at the door, at SMTP time, with the other techniques. As spammers turn to trickier methods like the current PDF attachment spam, I will have to keep adding to our spam filtering solution.

I hope that by fall we'll have put together a nice collection of open-source tools that we can roll into a VMware VPS and offer our clients as an easy-to-use mail gateway service/server for very low cost compared to the commercial solutions.


©2000-2007 rackAID LLC