Where Has All My Spam Gone?

An anonymous reader writes "I have my own domain, which has its own email server, where I receive all my personal email. I've been getting about 800 emails a day, of which perhaps 20 are real. Suddenly, Sunday or Monday evening, the spam pretty much stopped. My volume of mail has plummeted to less than 100 a day, and as far as I can tell, I'm not missing any real mail — I'm still getting the email list subscriptions I'm expecting, and every time I ask someone to send me a test message, it gets through. My domain host insists that it doesn't do any spam filtering before mail gets to my inbox, and that they've changed nothing about their configuration. I run SpamAssassin on my server to mark, but not delete, spam, and download the whole mess to my home client, and I'm still seeing the occasional message tagged by SpamAssassin. But it's virtually all gone. And I haven't changed anything about my own mail configuration, or the harvestability of my site (my personal email has been harvestable for almost a decade). So what's going on? I can't believe that several major botnets would have vanished overnight. Any ideas?"

Re:Okay

[kinzillah]

Perhaps he'd like to leave it to systems he controls? I, for one, would rather a third party weren't silently dropping mail that could be false positives.

Re:Okay

[qortra]

He isn't complaining. It isn't wrong to ask questions when things unexpectedly go well.

Re:Exactly.

[Arimus]

Assuming a third party isn't dropping your email... if they are then that's almost as bad the spam deluge - I'd rather be the one to decide what is spam than a third party who may or may not have a clue.

Re:Exactly.

[Minwee]

I, on the other hand, consider sudden, dramatic, and completely unexplained changes to the operation of systems under my control to be a reason to worry.

I'm just funny that way.

Re:we are all doooomed

[Ethanol-fueled]

Naw, just that the Russians have shifted all their botnets' attacks toward Georgia.

Re:Exactly.

[Bandman]

Amen.

It's like we speak the same language.

Change is good. Unexpected change is very, very bad.

Re:I'm getting it

[KillerBob]

I've seen a huge increase in both spam and particularly spam that makes it past my spam filter.

It's an arms race. They come out with a new message that tricks the filters into thinking it's real. The filters update and adapt. They rethink things and come out with a new junk message which sometimes succeeds, sometimes doesn't. When they find one that works, I start getting spam again until the filters adapt. Ad nauseum.

I've got my SpamAssassin filters set to update on a daily cron job, and it's always the same... Every week or two, I get a handful of spam messages getting past the filters. They're all basically the same. And it lasts for about a day before I stop getting spam again. So it comes in bursts for me, every time the spammers rethink the message they send out.

I've had my domain, and the same e-mail address for half a decade. My IP address did recently change when I moved into a new colo, but all of the DNS has updated already, so the spammers still know who I am. It's annoying. But it is manageable.

Re:I'm getting it

[nabsltd]

Don't you hate it that you have to deal with this sort of thing because some other mail server isn't configured correctly?

If all mail servers instituted the policy of "reject...don't accept then bounce", then there wouldn't be any blowback spam. Unfortunately, there is some MTA software that can't do the right thing without non-standard add-ons (qmail, I'm looking at you).

Re:Hmm

[Hatta]

Its long been suspected that the Russian government and Russian organized crime have cooperative links, if not outright overlapping "membership"

What is a government anyway but the most successful group of thugs imaginable?