In the last few weeks, it seemed like I was getting more spam. More messages being marked as spam, and more spam leaking into my inbox. Since I keep stats of messages marked as spam by SpamAssassin, I created a nice, pretty graph of my spam, all the way back to September 2004:
Strong spam has a SpamAssassin score of over 15. This stuff goes straight into a mailbox and I never, ever look at it. I would delete it, but I keep it around for bayesian filtering. Weak spam has a score between 5 and 15. The intent is that I would peruse these messages looking for non-spam messages that were incorrectly marked as spam. But as you can see from the graph, I’m getting increasingly more weak spam, and it’s getting harder to manually scan them. For last few weeks, I’ve just been marking them all as spam.
Okay, with the terminology out of the way, notice the fairly high surge in spam the last six to nine months. My spam has nearly doubled from spring of last year. This is odd, since the FTC claims the CAN-SPAM act is working. To be fair, the FTC claims spam is down since 2003, and I don’t have data that far back. But it’s quite clear that spam is on the rise, and the CAN-SPAM act is not working for me. Granted, I don’t go through and try and unsubscribe from their lists, as one is supposed to do with CAN-SPAM. But I get over 1,000 spam messages per week! And from the subject lines of the ones I glanced at, there’s no way these are legit companies. I have little reason to believe that trying to unsubscribe and threatening them with CAN-SPAM violations will make ‘em stop. That’s just a waste of my time, and will probably result in more spam.
So how the heck can I reduce spam? My first thought is to upgrade SpamAssassin. I’m on an old version, and the newer versions usually have better rules. This will, most likely, increase the spam count, since it should result in fewer spam messages leaking into my main inbox. It should help the weak/strong ratio, though, marking more spam as strong spam, and making it easy for me to scan for legit messages marked as spam. But in the end, the number of spam messages I get per week is on the increase, and I don’t know of any good way to fix that. There are maybe one or two Postfix configuration options I can tweak to help. I could also try greylisting, but messing with SMTP just “feels” wrong. I know many people who swear by greylisting, though. As a last resort, I could start using Tagged Message Delivery Agent. However, that just seems like a lot of burden to put on legit people that mail me. Still, it may only be a matter of time before I have to resort to more drastic measures like greylisting or TMDA.