Having had previous success with the Great Wall of Spam and DSPAM, I was still a bit annoyed by the amount of spam making it to the DSPAM quarantine, and so to be periodically scanned and a small number of false positives permitted through.

I'd been hearing a bit about Greylisting, and Mike had had some good results with it, so thought I'd give it a go. A wee mail SNAFU last week was the trigger, and I installed qgreylist as a layer between IP blocking and DSPAM.

The way it works is like this: SMTP is designed to be tolerant of downtime of the recipient mailhost. So if a sending hosts discovers a problem, it'll wait a bit, then try again (and if it still has a problem, will wait for a longer time and try again - repeat for a few days until finally giving up). However, spam-sending software is designed for maximum volume throughput, not maximum %age reaching destination, both for not sweating the small stuff reasons, and because spam-senders tend to get blackholed within a few hours. So generally, it doesn't follow this part of the SMTP protocol.

So what happens when you deliberately cause a temporary problem to every piece of mail? Spam generally doesn't get repeated - it disappears before reaching your MTA. As long as you keep a track of mailservers that have tried to send you mail, and accept mail the second time around, real mail still gets through.

The results are impressive: my average 60-80 spams a day has been cut to around 10. Checking the DSPAM quarantine is no longer a nightmare if you leave it a few days. And as far as I know, no real mail has been lost.

Here's the graph of mail making it to DSPAM for the point and drool-obsessed: