Slashdot Mirror


Where Has All My Spam Gone?

An anonymous reader writes "I have my own domain, which has its own email server, where I receive all my personal email. I've been getting about 800 emails a day, of which perhaps 20 are real. Suddenly, Sunday or Monday evening, the spam pretty much stopped. My volume of mail has plummeted to less than 100 a day, and as far as I can tell, I'm not missing any real mail — I'm still getting the email list subscriptions I'm expecting, and every time I ask someone to send me a test message, it gets through. My domain host insists that it doesn't do any spam filtering before mail gets to my inbox, and that they've changed nothing about their configuration. I run SpamAssassin on my server to mark, but not delete, spam, and download the whole mess to my home client, and I'm still seeing the occasional message tagged by SpamAssassin. But it's virtually all gone. And I haven't changed anything about my own mail configuration, or the harvestability of my site (my personal email has been harvestable for almost a decade). So what's going on? I can't believe that several major botnets would have vanished overnight. Any ideas?"

8 of 597 comments

  1. Hmm by geminidomino · · Score: 5, Informative

    *Checks mail logs*

    Yeh, you need to ask the ISP again. No sign of slowing here.

    1. Re:Hmm by Southpaw018 · · Score: 5, Informative

      Thirded over here. Solid 7000/day for months (small business).

      --
      ACs are modded -6. I don't read you, I don't mod you, I don't see you. Don't like it? Don't be a coward.
    2. Re:Hmm by y86 · · Score: 5, Informative

      Agreed. No changes in spam over here, my domain is still receiving the daily average of about 100 per day.

      You should REALLY consider trying postgrey.

      http://postgrey.schweikert.ch/

      Postgrey on non-whitelisted servers rejects the first mail attempt with a fail. The sending email server will retry X times, but the 2nd time it accepts it and adds the server to the whitelist.

      Postgrey will add a 5 minute lag to an email whose sending server has never sent an email to you. It's worth it to screw the spammers' zombies over IMHO.

      Also, I would check your postfix/whatever you are using for a mail server's policy. I get 0 spam emails now and my address is posted all over the web.

      I do have spamassassin running as well, with sieve filtering to put what is marked as spam in a junk folder, but the junk folder is empty. Every now and then I'll see something -- but very rarely. Like once every 2 months.

      Here's my spam prevention system :-)

      # Postfix main.cf. Restrictions are evaluated in order and the first one that matches decides.
      # The final check_policy_service entry hands the decision to a policy daemon on 127.0.0.1:60000.
      smtpd_recipient_restrictions =
          permit_mynetworks,
          permit_sasl_authenticated,
          reject_unauth_destination,
          reject_non_fqdn_sender,
          reject_unknown_sender_domain,
          reject_non_fqdn_recipient,
          reject_unknown_recipient_domain,
          reject_rbl_client zen.spamhaus.org,
          reject_rbl_client bl.spamcop.net,
          check_policy_service inet:127.0.0.1:60000
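
Added example, not part of the post above and not Postgrey's own code: a simplified Python model of the greylisting decision described there, answering in the name=value format Postfix uses for `check_policy_service`. The triplet key, the class and function names, and the sample addresses are assumptions; the 300-second delay and whitelisting on the first accepted retry follow the post's description.

```python
# Added illustration: a simplified greylisting decision, not Postgrey's code.
GREYLIST_DELAY = 300  # seconds; the 5-minute lag mentioned in the post


def parse_policy_request(text):
    """Parse a Postfix policy-delegation request (name=value lines)."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break  # an empty line terminates the request
        name, _, value = line.partition("=")
        attrs[name] = value
    return attrs


class Greylist:
    def __init__(self, delay=GREYLIST_DELAY):
        self.delay = delay
        self.first_seen = {}    # (client, sender, recipient) -> time of first attempt
        self.whitelist = set()  # client addresses that have passed a retry

    def check(self, attrs, now):
        """Return the policy action line for one RCPT TO attempt."""
        client = attrs["client_address"]
        if client in self.whitelist:
            return "action=DUNNO"  # no objection; Postfix continues with later checks
        triplet = (client, attrs["sender"].lower(), attrs["recipient"].lower())
        first = self.first_seen.setdefault(triplet, now)
        if now - first >= self.delay:
            self.whitelist.add(client)  # the sender retried like a real mail server
            return "action=DUNNO"
        # Temporary failure: a queueing MTA retries later, fire-and-forget senders do not.
        return "action=DEFER_IF_PERMIT Greylisted, please retry later"


# Constructed sample request, shaped like what Postfix sends to a policy service.
SAMPLE = (
    "request=smtpd_access_policy\n"
    "protocol_state=RCPT\n"
    "client_address=192.0.2.25\n"
    "sender=list@example.org\n"
    "recipient=me@example.net\n"
    "\n"
)

if __name__ == "__main__":
    gl, req = Greylist(), parse_policy_request(SAMPLE)
    for t in (0, 30, 301):  # first try, too-early retry, retry after the delay
        print(t, gl.check(req, now=t))
```

A retry that arrives before the delay has elapsed is still deferred, which is why a legitimate first-time sender sees the lag the post mentions.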

    3. Re:Hmm by j-cloth · · Score: 5, Informative

      A huge second to PostGrey. It kills 90% of my incoming spam before it even touches spamassassin. However, I have noticed a few people who receive failure messages from their mail systems telling them that they've been greylisted before the mail goes through. Then uppy-ups whine to me.

    4. Re:Hmm by wmbetts · · Score: 5, Informative

      I used to read a lot of not-so-nice forums when I was really into Info Sec, and I always heard them referred to as "The Russian Business Network"

      --
      "Ubuntu" -- an African word, meaning "Slackware is too hard for me". - stolen from Dan C alt.os.linux.slackware
  2. One down by canderley · · Score: 5, Informative
  3. Infected PC are offline during summer ^_^ by Kirys · · Score: 5, Informative

    Most spam is sent by bot-nets, mostly composed of infected PCs in workplaces, schools and private homes. In many countries during the second and third week of August many schools and workplaces are closed, so their PCs are just turned off; this means that the bot-nets have fewer active nodes and so are less effective. I do receive less spam too, but I think that it will be back to the sad old amount at the end of the summer :(

    --
    Unluckily Murphy was right.
  4. Re:I'm getting it by petermgreen · · Score: 5, Informative

    and you will block quite a few legit bounces too for two reasons

    1: 12 hours is nowhere near long enough
    2: the message may be routed through multiple servers before finally getting bounced.

    --
    note: i'm known as plugwash most places but i screwed up registering that here somehow in the past and now can't register