Spam is a rather difficult one to apprehend as it spoofs ip addresses and email addresses.
And at times, may just be a plain text mail, or an html mail with hardly any content.
In most cases, spam solutions scan the mail(checking for viruses, and spam… in this case, using SpamAssassin ) and score it by :
- checking for number of Url’s, eg. www.random/random123
- checking for certain words : viagra etc. and checking the contents html (content scanning)
However spammers use various methods to get passed this. ie instead of using “i” they use “1″, Thus searching for certain regular expressions is mainly in-affective.
Because SpamAssasin uses Bayesian filtering, usually ISP’s allow you to mark certain mail as spam or ham. This method however may help your firewall learn from its mistakes.
There is also a relatively new way to prevent additional spam, which is graylisting(greylisting).
I have noticed a lot of ISP’s have implemented this, but the effectiveness at times does cause
unwanted non-deliveries. Mainly to spammers(as spammers usually only send the mail once)
For first time legitimate mailers, the mail might be delayed, depending on the time of the senders’ mail servers’ re-delivery.
Another method is prioritizing a fake MX record before legitimate MX records. Therefore mail will first go to that fake server, and when no connection can be made, go forth to the next record. In most cases spammers dont rely on secondary records. So after the initial attempt, they disconnect and move on if no connection can be made.
So.. With that. Comes RFC. As being that I work at a University, it isnt exactly feasible to do content checking.
- You have already accepted the mail, so bandwidth is used.
- Viaga, sex etc can be legitimate words, especially for sex courses and science departments.
So my advice would be to check what the RFC dictates and implement it, as those standards are reliable enough to be affective against spam. One example would be to make sure that the emails’ senders address exists by attempting to deliver a mail to that address before receiving it.
These changes whilst using DNSBL blacklists(below) will help in the prevention of spam.