On Fri, Dec 18, 2009 at 06:22:37AM -0500, John Aldrich wrote: >On Friday 18 December 2009, Derek Simkowiak wrote: >> I've been tempted to use TMDA: >> >> http://tmda.net/ >> >> With TMDA, new email senders get a "Are you really a human?" >> >UGH! I *abhore* those things! I will not use them in my personal >correspondence for the most part!
GYAAAH! Seconded! These things CAUSE spam - the inevitable joe-jobs (somebody stealing, fr'instance, MY email address, and using it for the From: of a spam...) ... that means *I* get all the backscatter! Had it happen, to the tune of 5, 6, 10,000 messages in a day. The proper response to spam is not to generate more spam. Detect as much of it as you possibly can within the SMTP session and bounce it; the rest, simply drop it on the floor. Doing it that way *will* reduce both your spam load and your headache factor. I ran email for a friend's domain for some years. When I first took it over there were 12,000 attempts a day. By the time I gave it back, some four years later? it was down to 200. I use Spamhaus, a few basic RFC-enforcing rulesets, and a locally-generated set of blocklists of known recidivists. Greylisting helps sometimes, but in a major zombie-fed storm it actually hurts... and my traffic has got so low these days I've long since turned it off. (I know Speakeasy runs it, and Garrett said it bounces >95% of stuff on the first pass, never to return. Big win!) Bogofilter does content-based filtering on the backend, post-SMTP. It gets so little actual spam that it's having trouble recognizing it these days :) -- Glenn, long time spam buster
