I attempted to use Thunderbird's junk filter to deal with it, but it just didn't work for various reasons. First, it doesn't always flag it right; second, it doesn't save the bandwidth like a server-based approach would.
My spam comes in a few categories:
- Compromised addresses. These are addresses that were given out to websites, companies, etc. that fell into the hands of spammers. I only ever get spam on these addresses.
- Bogus addresses. These are addresses that have never been on my domain.
- Spam sent to my actual main email.
Since it seemed that the bulk of my spam could be detected with a set of fixed rules rather than the sort of Bayesian filter used by Thunderbird's junk email system, I dove into procmail.
Now, all email sent to my domain goes through a series of filters in this order:
- Any email sent to a compromised address is sent to /dev/null.
- Any email sent to one of a few special addresses is let through.
- Any email sent from someone I've specifically whitelisted is put in my main account. This includes both specific accounts that have been whitelisted and entire domains. (For example, any email from my work domain gets through.)
- Email that doesn't match the whitelist and is not to a non-compromised address is moved to a folder called spam. (These are mostly bounces to emails for which a spammer forged a random address on my domain.) Once I'm sure it is working, this will change to /dev/null.
- Everything else is dumped in a folder called "unknown-sender" that I troll through periodically.
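
A procmailrc sketch of the filter order listed above, added here as an illustration and not the author's actual file. Every address, domain and path is a constructed placeholder, and delivering the "special" addresses to the inbox is an assumption.

```procmail
# Constructed example: all addresses, domains and paths are placeholders.
MAILDIR=$HOME/Mail
DEFAULT=$MAILDIR/unknown-sender     # step 5: anything no recipe delivers
LOGFILE=$HOME/procmail.log          # records the destination of each message

# Recipes run top to bottom; the first one that delivers ends processing,
# so a whitelisted sender writing to a compromised address is still dropped.

# 1. Compromised addresses: discard.
:0
* ^TO_(shop-signup|forum-reg)@example\.org
/dev/null

# 2. Special addresses: always let through (inbox is an assumption).
:0:
* ^TO_(postmaster|abuse)@example\.org
inbox

# 3. Whitelisted senders and whole domains. The match is anchored at both
#    ends so lookalikes such as work.example.com.invalid do not pass.
:0:
* ^From:.*[< ](friend@example\.net|[^ <>@]+@work\.example\.com)>?$
inbox

# 4. Not whitelisted and not addressed to a known-good address
#    (mostly bounces for forged addresses): spam folder for now.
:0:
* ! ^TO_(me|lists)@example\.org
spam

# 5. Everything else falls through to DEFAULT (unknown-sender).
```

The `From:` header is supplied by the sender, so the step 3 whitelist is a convenience filter rather than an authentication check. The log file records the folder each message was delivered to, which allows per-folder counts.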
I started logging the results at 6:54 AM PST on Saturday 5/13/2006. It is now 3:04 PM PST on Monday, 5/15/2006. In that time, I've gotten:
- 468 emails deleted out of hand.
- 110 emails dumped in the spam bucket. (All spam)
- 2 emails marked as "unknown-sender" (both spam.)
- 7 legitimate emails.
For the moment, it seems to be working far better than even SpamAssassin ever did.