Towards Spam Filtration Perfection
Staff was so delighted to be relieved of the spam burden I received a round of applause at the all-staff meeting today. It was nice. Tweaking the spam filter has monopolized me for the last couple of weeks. At this point it might be a touch too strong but overall spam has been reduced by as much as 90-95%. I'm not exaggerating. The stats are interesting too. Over 80% of all the mail coming to us, including nonexistent addresses, is spam. No wonder the server was crawling! Here's the current setup:
SpamStopsHere (site) is an offsite spam filter. Our MX Record (info) has been set to exclude our email server, pointing only to three SpamStopsHere servers that reroute mail to us. Our firewall is set up to only accept SMTP traffic from SpamStopsHere servers. In this way no spammer can bypass the SpamStopsHere service.
There are several settings to help fine-tune the system. Most every option has been activated at this point, including two custom filters I created. The most obvious filters, like blacklists and phrase and IP matching, are set to reject the emails with a custom message explaining why the message was rejected and what the sender can do about it. Many of the settings, especially initially, are configured to forward flagged emails to one in-house email address I created. This allows me to review what is being caught, which has helped with the tweaking and allowed me to forward legit emails to the right staff. Once I'm comfortable with this setup I will probably set everything to reject and put the burden on the sender.
I created one of my custom filters to catch image-based emails that seem to be increasingly used by spammers. I did this by catching anything with the code "src=cid" in the source. Of course this has caused a lot of false positives because so many people embed images into their newsletters, signatures, etc., through mail programs that use that code. Still, thousands of actual spam messages have been caught as well. I might still get rid of this custom filter and set up SMTPTracker (site) as a commenter suggested (post). It's free for non-profits. The combination, I hope, will reach spam filtration perfection.
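The following Python example is added here and is not the author's filter or SpamStopsHere code. It compares the broad "src=cid" match with a narrower rule that also requires almost no visible text, which is what separates image-only mail from a newsletter with an embedded logo; the function names, the 40-character threshold and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from html.parser import HTMLParser

CID_SRC = re.compile(r'src\s*=\s*["\']?cid:', re.I)  # inline image reference
MIN_TEXT_CHARS = 40  # assumed threshold; tune it against the review mailbox

class _VisibleText(HTMLParser):
    """Collects text nodes so that markup does not count as content."""
    def __init__(self):
        super().__init__()
        self.chunks = []
    def handle_data(self, data):
        self.chunks.append(data)

def html_bodies(raw):
    """Return the decoded text/html parts of a raw message."""
    out = []
    for part in message_from_string(raw).walk():
        if part.get_content_type() == "text/html":
            payload = part.get_payload(decode=True) or b""
            out.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return out

def naive_match(raw):
    """Broad rule: flag any message whose HTML embeds a cid: image."""
    return any(CID_SRC.search(h) for h in html_bodies(raw))

def image_only_match(raw):
    """Narrower rule: cid: image present and almost no visible text."""
    for html in html_bodies(raw):
        if not CID_SRC.search(html):
            continue
        parser = _VisibleText()
        parser.feed(html)
        visible = " ".join("".join(parser.chunks).split())
        if len(visible) < MIN_TEXT_CHARS:
            return True
    return False

def _sample(html):  # builds a constructed test message, not real mail
    return ("From: sender@example.org\nTo: staff@example.org\nSubject: test\n"
            "MIME-Version: 1.0\nContent-Type: text/html; charset=utf-8\n\n" + html)

NEWSLETTER = _sample('<p>Hello all, the volunteer schedule for next month is attached '
                     'and the board meets Tuesday.</p><img src="cid:logo@example">')
IMAGE_SPAM = _sample('<html><body><img src="cid:part1.0001@example"></body></html>')
```

Messages caught by the narrower rule can still go to the review address first, so the threshold can be adjusted before anything is rejected outright.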