I've noticed I get about 20 spam messages daily, but only 0 or 1 manages to avoid my spam filters.

How much spam are you getting?

Since I moved to my own server (for my "day"-job), none. I have an incredible anti-spam system. All free and open-source. I also haven't noticed any false positives either. My domain does get anything from 200 upwards per day, though, but it's all discarded. I am tweaking the system atm, and if anybody is interested, I'll try to post a bit of a guide on roughly what I did. Debian based.

If anybody wants to try to figure it out themselves in the meantime:

Postfix
Postgrey (greylisting - "cheap" on CPU and and gets rid of 99% of spam and most virusses and worms)
amavis (allows everything below)
dcc-client (heavily tweaked)
razor (heavily tweaked)
pyzor (heavily tweaked)
Spamassassin (extremely heavily tweaked - I pretty much ignore any blacklists and MANY other changes)
clamav (antivirus / antiworm)

All the tests happens in the order I typed above. The tests are done from least CPU/memory intensive to most. This way when the small, but effective tests are done, then the most-probably valid messages are inspected by the big-guns.

I like Postfix, but you can use any mailserver you like. Postgrey is postfix-specific, but you get greylisting solutions for other mailservers. Amavis is a "hack"/glue for postfix to allow it to do antispam, etc. Exim has exiscan, not sure about anything else.

What is Greylisting?
The first time anybody connects to your server, their mailserver will reject the message as a "temporary failure" - basically telling the other other sever that you have a temporary failure and they must resend the message in a couple of minutes. Your server then keeps a database of all greylisted connections, and will not allow one of those connections to reconnect within 10 minutes (can be configured). If a greylisted connection reconnects within 24 hours (but after 10 mins), they will be whitelisted, and will not be delayed next time they send you a message.

Why does this work so well? Spam-senders care about speed. If they had to retry everytime a message failed, they could only send a tenth of the amount of messages they do now. They don't retry, but valid e-mail servers will. They must - the smtp protocol forces them to.

With tongue firmly in my cheek, i'd recommend this. It doesn't solve the problem but may make you feel a little better about it.

http://www.spamwear.co.uk/

I used to get thousands per day. It got to the point where I decided to switch to an e-mail provider. I currently use fastmail.fm, which is very good. Let blocking spam be someone else's problem :)

I still get around 50 a day. I havent bothered with any antispam so far, I can easily delete them by hand (takes maybe 30 seconds of my time per day)

Started off with computers as a programmer, then turned system administrator for several years and am now moving back to coding. DIY is in my blood.

Retro64 is doing the right thing. Spam blocking is not a once-off program to install. It must be constantly tweaked and improved. The spammers are constantly changing their tactics, and if you don't do it as well, you'll eventually start to get spam.

I get around 5000 per day. I've had spikes in the past of over 100,000 per day. I also recommend using an email provider, they aren't expensive. I use MailSnare which has been a good service. Still, last year I had to get a VPS server just to use the 200GB bandwidth to prefilter email before it goes to MailSnare. I picked ServInt from a short list provided by Retro 64 on these forums and it has been a good choice.

I used to be pretty good at emptying my Yahoo Bulk Mail box throughout the day. Everytime I checked there were two or three messages, so it was manageable if annoying. These days I find that I only get to check it once in awhile. Sometime in the past few months I had to empty out my Bulk Mail folder without checking for false positives for the first time because I was not about to go through 800+ messages to see if some forward got stuck in there. Probably better that way. B-)

My blog was getting a lot of trackback spam, but it seems to have finally died down. I haven't received much in the past few days, whereas for weeks I've been getting 20 trackbacks at a time (meaning if there was a spam, there would be 20 or so messages...it always came in groups) for party poker, viagra, and whatever.

My own email domain has been getting spam for an email address that hasn't existed for years. I only use those email addresses for specific mailing lists and the like, so spam has been manageable. Thunderbird does a decent job of filtering.

Ahhhh SPAM,the bane of my life!!! : :(

On one email account I get anywhere from 30-50 a day!!!!! :mad:
And I've noticed some of the tricks they use aswell.Take for example the word 'VIAGRA',easy to stop,but now you have to stop all the bleedin' variations i.e. 'V.IAGRA', 'V1AGRA' etc.Bloody annoying!!!!! :mad:

Spamming should be made a capital offence I say!!! :p

Oh yeah,NEVER EVER click on the links inside,because that will just prove that the email address is indeed LIVE and you'll be bombarded even more!

All the best


Mark.

If you use an email account provided by your website hosting company, they may already have (free) tools to stop spam. The hosting company I have been using for several years now, Apollo Hosting, provides a free Postini account. I only wish I had enabled it earlier, because it works great. Almost no spam gets through, and hardly ever any false positives. And it didn't cost anything, but I didn't know about it until I noticed this little icon in my website control panel... ;)

I don't have experience with Apollo hosting, but I found that the antispam solution that comes with Cpanel is next to worthless. It uses a default spamassassin setup and nothing else.

Spamassassing MUST be tweaked for it to be usefull. It's default setup only catches about 50% of the average spam, in my experience.

In case I wasn't clear, Postini is a commercial anti-spam service. Tweaking is what they do. Accounts at my hosting provider come with a free Postini account. You could always get a subscription with Postini yourself, of course, but my point was: maybe your website host (or whoever handles your email) already provides something like that for free.

In case I wasn't clear, Postini is a commercial anti-spam service. Tweaking is what they do. Accounts at my hosting provider come with a free Postini account. You could always get a subscription with Postini yourself, of course, but my point was: maybe your website host (or whoever handles your email) already provides something like that for free.

Ahhh, I see. I doubt my host will give me anything free. I have a physical dedicated server for my hosting/email. I have a couple of big databases I need to host for my "day-job". With dedicated servers, you pretty much get a PC installed with an operating system of your choice and not much else. I'm happy with my antispam solution - it works for me, but I'm googling for postini. Maybe it's something I can use in the future.

Between a Yahoo account that has been used on newsgroups over the years and a GMail account that has been used nowhere to get harvested (but yet gets some spam), I get probably 50-ish/day. I use Spamnix for Eudora and haven't had a false negative in a long time.. but the occasional false positive, mostly ads from companies that I have allowed to send me ads. Since it's Bayesian-based, I just train it to recognize that I like ads from Real about their games. :)

Oh yeah,NEVER EVER click on the links inside,because that will just prove that the email address is indeed LIVE and you'll be bombarded even more!


That's why I stopped clicking on the "Remove me" links at the bottom. I can never be sure it is legit. And since it is spam, meaning that I didn't sign up for it, it likely isn't.

The "default" "built-in" address on my server gets far too many to even count, but fortunately, I never even use that one anymore. Unfortunately, it seems to be the only account I can't put a disk quota on, so it does eat up some disk space, but I'm working on finding ways around that.

My primary email I guard religiously and (knock on wood) haven't gotten anything in there. What I have also been doing is: I set up a generic address on my server ("business1") that is the designated one I give out to companies, web sites, order forms, and anything I don't trust 110%. That one has recently gotten up to about 10/day (ballpark figure), so I'm about to retire it and move on to "business2". Lather, rinse, repeat...

I've just started augmenting that by using BugMeNot.com (http://www.bugmenot.com/) to avoid all of that pointless "free registration required" crap. And I've also started using one of the throwaway email services: Mailinator (http://www.mailinator.com/) to decrease the need for the "business1" -> "business2" -> etc... approach.

Although, I have recently noticed that my new domain twistedpairgaming.com is the only one that seems to be receiving mesages. My older one abscissasoft.com and well as two other ailiases for twistedpairgaming.com seem like they may be having some trouble receiving messages. I need to get that straightened out. And I hope that's not the reason for the low spam.

I'm going to have to look into that greylisting more. That sounds really good.

I've tried some of the "trainable" filters on email clients (such as Mac Mail and Thunderbird), but none of them have been even remotely reliable for me. I've found simple rule-based ones to work FAR better.

I'm going to have to look into that greylisting more. That sounds really good.

You won't regret it. I've done some tests with greylisting when I just discovered it: I switched my personal domain over to only use grelisting with nothing else, and I think I got one spam message in two weeks. The advantage is it is much easier on your server than any other method. Minimal disk usage (couple of megs for a server processing thousands of messages a day), virtually no CPU usage, and RAM is also almost untouched.

The person that invented greylisting should be knighted or something.

My blog was getting a lot of trackback spam, but it seems to have finally died down.

I spoke too soon. B-(

800 spam-mails per day, most are filtered though.