
Out with TMDA, In with SpamAssassin

I hate spam. I really, really, really hate spam. Most people do. None of this is probably a shock, given that I'm a security professional and heavy IT user. That being said, I've finally hit the wall with TMDA. For those not familiar with it, TMDA intercepts messages before they hit your inbox and quarantines them unless you've whitelisted the sender, or they confirm their message. In theory, this is an excellent way to go because people you know only need to confirm their message once, and after that they'll not get bothered again (unless they change email addresses).

However, in practice this doesn't work. Why? Mainly because not everybody gets it, no matter what you might put in the bounce-back confirmation message. Meaning, I end up having to go through my pending queue on a daily basis to see if mail has arrived from authorized sources that I may not have whitelisted (recruiters are a perfect example).

There's another problem, too, and one that has really driven me to the brink. TMDA is great for stopping mail from getting to my inbox, but it also facilitates bounce-back spam. Over the past couple months, I've detected a major increase in Russian-language spam where the intended recipients are listed in the "FROM" field, on the assumption that TMDA will bounce the message with a legitimate confirmation message - a message that also includes the spam. I am, then, unwittingly making the problem worse. And, for that reason, I'm done. TMDA is disabled, but I'm not letting the spam win.

Instead, I've fixed the simscan scans being run as part of our qmail setup. All messages are now getting scanned with ripmime, ClamAV, and SpamAssassin, and messages over a certain threshold are going to get dropped silently. If I find legit mail is disappearing into the void, I'll then have to increase the threshold (or decrease it if too much bad stuff gets through). However, all told, I'm hopeful that this approach will be much more effective. And, for non-IT users, much less confusing.
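
An added example (not from the original post) of how the silent-drop threshold described above could be tuned: it reads the SpamAssassin score from the `X-Spam-Status` header of a hand-labelled mail sample and counts, for each candidate threshold, how much legitimate mail would be dropped and how much spam delivered. The sample messages, function names and candidate thresholds are constructed for illustration.

```python
import re
from email import message_from_string

# SpamAssassin 3.x writes "score=", 2.x wrote "hits=", in X-Spam-Status.
_SCORE = re.compile(r"\b(?:score|hits)=(-?\d+(?:\.\d+)?)")

def spam_score(raw_message):
    """Return the score from X-Spam-Status, or None if the mail was not scanned."""
    status = message_from_string(raw_message).get("X-Spam-Status", "")
    match = _SCORE.search(status)
    return float(match.group(1)) if match else None

def evaluate(labelled, thresholds):
    """labelled: list of (raw_message, is_spam).
    Returns {threshold: (legit_dropped, spam_delivered)}.
    A message is dropped when its score >= threshold; unscanned mail is delivered."""
    scored = [(spam_score(raw), is_spam) for raw, is_spam in labelled]
    result = {}
    for t in thresholds:
        legit_dropped = sum(1 for s, spam in scored
                            if not spam and s is not None and s >= t)
        spam_delivered = sum(1 for s, spam in scored
                             if spam and (s is None or s < t))
        result[t] = (legit_dropped, spam_delivered)
    return result

def pick_threshold(labelled, thresholds):
    """Threshold that drops no legitimate mail and delivers the least spam
    (lowest such threshold on ties); None if every candidate loses legit mail."""
    safe = [(delivered, t) for t, (dropped, delivered)
            in evaluate(labelled, thresholds).items() if dropped == 0]
    return min(safe)[1] if safe else None

def _msg(status, subject):
    # Helper that builds a constructed test message.
    return (f"From: sender@example.com\nSubject: {subject}\n"
            f"X-Spam-Status: {status}\n\nbody\n")

SAMPLE = [  # constructed messages with hand-assigned labels, not real mail
    (_msg("No, score=0.3 required=5.0 tests=none", "lunch"), False),
    (_msg("Yes, score=6.1 required=5.0 tests=HTML_MESSAGE", "job opening"), False),
    (_msg("Yes, score=8.4 required=5.0 tests=BAYES_99", "pills"), True),
    (_msg("Yes, score=14.2 required=5.0 tests=BAYES_99,\n\tURIBL_BLACK", "casino"), True),
    (_msg("No, hits=3.9 required=5.0 tests=BAYES_50", "missed spam"), True),
]

if __name__ == "__main__":
    for t, (dropped, delivered) in evaluate(SAMPLE, [5, 8, 12]).items():
        print(f"threshold {t}: legit dropped={dropped}, spam delivered={delivered}")
    print("suggested threshold:", pick_threshold(SAMPLE, [5, 8, 12]))
```

Because dropped mail leaves no trace for the recipient, the labelled sample should come from a period when scored mail was still being delivered or quarantined rather than discarded.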

We'll see how this little experiment goes. Hopefully it works out. I'd be curious to hear what others are doing for spam and how effective their solutions are.


About

This page contains a single entry from the blog posted on October 6, 2008 5:50 PM.


Creative Commons License
This weblog is licensed under a Creative Commons License.