For the past few years the anti-spam system I run has been based on a simplified version of something I previously ran commercially.
Although the code is similar in intent, there were both explicit feature removals and simplifications made.
Last month I re-implemented domain-blacklisting - because a single company keeps ignoring requests to remove me.
So LinkedIn.com if you're reading this:
- I've never had an account on your servers.
- I find your junk mail annoying.
- I suspect I'll join your site/service when hell freezes over.
I've also implemented TLD-blacklisting which has been useful.
TLD-blacklisting in my world is not about blocking mail from email@example.com (whether in the envelope sender, or the from: header); instead it is about matching the reverse DNS of the connecting client.
If I receive a connection from 188.8.131.52 and the reverse DNS of that IP address matches, say, /\.sa$/i then I default to denying it.
My real list is longer, and handled via files:

    steve@steve:~$ ls /srv/_global_/blacklisted/tld/ -C
    ar  br  cn  eg  hr  in  kr  lv  mn  np  ph  ro  sg  tg  ua  ve  zw
    aw  cc  cy  gm  hu  is  kz  ma  my  nu  pk  rs  sk  th  ug  vn
    be  ch  cz  gr  id  it  lk  md  mz  nz  pl  ru  su  tr  uy  ws
    bg  cl  ec  hk  il  ke  lt  mk  no  om  pt  sa  sy  tw  uz  za
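A sketch of the check described above, as an added example rather than the code this system actually runs: one file per blacklisted TLD, matched against the last label of the client's reverse DNS. The function names, the scratch directory, the sample PTR names and the choice to pass clients with no reverse DNS on to later checks are all assumptions.

```python
import os
import socket
import tempfile

def load_tlds(directory):
    """One file per blacklisted TLD; the file name is the TLD."""
    return {name.lower() for name in os.listdir(directory)
            if os.path.isfile(os.path.join(directory, name))}

def rdns_tld(hostname):
    """Last label of a PTR name, lower-cased; None if there is no usable name."""
    if not hostname:
        return None
    host = hostname.strip().rstrip(".").lower()   # PTR names may end in "."
    if "." not in host:
        return None
    return host.rsplit(".", 1)[1]

def lookup_ptr(ip):
    """Reverse-resolve ip; None when there is no PTR record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:                               # herror / gaierror
        return None

def check_client(ip, blacklisted, resolver=lookup_ptr):
    """Return ('deny' | 'pass', reason) for a connecting client."""
    host = resolver(ip)
    tld = rdns_tld(host)
    if tld is None:
        # Assumption: missing rDNS is left to other checks, not denied here.
        return ("pass", "no usable reverse DNS")
    if tld in blacklisted:
        return ("deny", "rDNS %s is in blacklisted TLD .%s" % (host, tld))
    return ("pass", "rDNS %s is not blacklisted" % host)

def demo():
    # Constructed sample data: scratch directory and made-up PTR answers.
    with tempfile.TemporaryDirectory() as d:
        for tld in ("sa", "ru", "cn"):
            open(os.path.join(d, tld), "w").close()
        blacklisted = load_tlds(d)
    ptrs = {"192.0.2.10": "Mail.Example.SA.", "192.0.2.11": "mx.example.org",
            "192.0.2.12": None, "192.0.2.13": "usa.example.com"}
    return {ip: check_client(ip, blacklisted, ptrs.get)[0] for ip in ptrs}

if __name__ == "__main__":
    print(demo())
```

The last sample shows why the match is on the final label only: `usa.example.com` ends in "sa" textually but its TLD is `com`, which is what the anchored `/\.sa$/i` form also guarantees.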
On average I'm rejecting about 2500 messages a day at SMTP-time, and 30 messages, or so, hit my SPAM folder after being filtered with CRM114 after being accepted for delivery. (They are largely from @hotmail and @yahoo, along with random compromised machines. The amount of times I see a single mail from a host with RDNS mysql.example.org is staggering.)
(Still looking forward to the development of Haraka, a node.js version of qpsmtpd.)
ObQuote: "Mr. Mystery Guest? Are you still there?" - Die Hard