Sun, 30 Dec 2007

spamhaus

We use spamhaus.org's blacklists as part of our anti-spam strategy for incoming mail. Unfortunately, we recently exceeded some threshold for accesses per day to the spamhaus.org public dnsbl servers and they blocked our access. This resulted in a higher than normal load on our spamassassin servers due to messages that otherwise would have been rejected before the content-examination phase being accepted. It's likely that this has also led to a higher than normal false-negative rate (spam not being tagged as such), simply because, if the percentages remain constant but the volume of mail increases, more spam will get through. Fortunately most of the mail that we were rejecting really is easily detectable as spam by spamassassin, so nearly all of the increased volume did get properly tagged. A quick examination of my Spam folder backs up this hypothesis. We automatically delete messages older than 2 weeks from Spam folders on the CSAIL IMAP server, and so normally I can expect to find just over 6000 messages in my spam folder at any given time. Tonight, however, I find 11,000 messages.

I've signed the lab up for a trial membership of the spamhaus data feed service, which essentially allows us to mirror the spamhaus DNS zones. I deployed this over the weekend and just re-enabled spamhaus checks on the incoming mail hub. It seems to be working very well, and I'm excited to see the mail delivery performance return to normal. We'll sign up for the paid service soon, if everything continues to go well.
