Thursday, April 10, 2014

The amount of spam I am receiving has decreased, or has it?

Having moved me email domain between three different hosting services this year I have noticed a big variation in the amount of mail being trapped by my spam filters. The rolling thirty day average has been:

Host 1 : 250-300
Host 2 : 800-900
Host 3 : 50-100

Why the big difference? Well, all hosting companies use real-time blackhole lists (RBL's) to prevent the most blatant spam from getting through. This has more to do with protecting mail servers from overloading than protecting customers from spam. When a mail server connects the receiving mail server looks up that server on a list and denies connection if it appears on it. This prevents the server having to open, write to and close a file, saving processing and I/O resources.

Real-time blackhole lists are lists of mail servers known to be originating spam. There are many in existence. Some are more severe than others. Some block whole countries, some never remove a server once it has been detected sending spam. My guess is that Host 1 was using something like Spamhaus to temporarily block the worst offenders, Host 2 was not using RBL's and Host 3 is using something far more severe.

One slightly worrying aspect is that I am currently unable to receive receipts by email from a company I buy IT gear from. This may be because the server generating them has been blacklisted. There is no real way of knowing for sure.