I get a lot of spam at work. Over the years I’ve taken lots of steps to try and cut it down. For a start, we reject any traffic that comes directly from an ADSL/cable residential address. The better ISPs have good reverse DNS that make this possible. Bogus HELO strings and other tricks jelp get rid of the worst offenders.
We also use a couple of good public blacklists and one we maintain ourselves. We used greylisting for a long time, but that party is now over. The rest of the spam that gets through is dropped (definitely spam) or quarantined (maybe spam) by SpamAssassin before being discarded.
The maybe spam is collated at night and in the morning I have an e-mail message saying that I have 130 messages that arrived for review. Sometimes more, sometimes less, but always around 100.
A few days ago, the e-mail messages began indicating that only 20-30 message had been quarantined. I asked one of the guys who looks after the mail server if he had introduced some new fancy technique that was cutting out the spam before it got to the inside server where SA runs. He looked puzzled, and then mentioned something about a US ISP being shut down.
I looked at the news links he sent me, and compared dates, and yes, the shutting down of McColo Corp corresponds quite precisely in the reduction of my spam. A factor of about 5.
The claims being made in the press do seem to be confirmed by my experience. It’s amazing that one single entity in the world should be responsible for such a large proportion of spam though. The trouble is, spammers are anything except stupid, and I fear this exercise will simply teach them the danger of having all their eggs in one basket.
So I assume it’s only a matter of time before my spam counts climb back up to their usual levels.