What I read is that spammers have started to change their IPs very fast, which results in spam mails being more likely to falsely pass RBL Filters.

So what to do about it? There are several possibilitys. One is to use a tool like Spamassassin that can check the mailbody (and the links in it) against databases on the internet and/or their internal (learning) filter.

But I’m not quite convinced yet to use such a system. It’s not just the configuration that might be a little more complicated than eg. RBLs. What also scares me off a little is the maintaining effort. A system like that is very likely to have at least a few false positives, that have to be marked as such, so that the system can ‘learn’ from it. I don’t know yet whether I like that kind of a solution.

But what else is there?

Is Greylisting an answer?
How it works is basically that it at first refuses any email that someone is trying to send to your server with an error like a server misconfiguration error. The sender’s IP is stored then, and after a little while (say, something like 5 minutes), when (and if) the server tries to resend the message to you, it will be accepted and the sender will be added to a whitelist.

The hope in that is that spammers either won’t try to send the email again, or that those extra 5 minutes were enough for the spammers to be detected by services such as spamhaus.

The idea is good, and I think I will implement greylisting on my server and try it – also to see how many ‘real’ mailservers and (free)mailservices there are that also do not try to resend an email after a failure (that would be a false positive then).

Attention: WEIRD!! To attract some spammers for testing purposes, I’m just publishing another emailaddress:

stest@klappspaten.info