spamd in greylisting mode without any blacklists has been working pretty
well here at work and at home for the past couple weeks. however, at
work i noticed that a considerable amount of spam was getting through
and was confused as to what was going on. from the get-go i noticed that
one employee was receiving ~50% of the inbound spam for the whole
company, but did not figure out what was happening until a few minutes ago.
apparently, the employee had been replying to the spam and/or following
the links contained therein in hopes of "removing themselves from the
'spam list'". this was whitelisting a lot of spammer IPs due to spamlogd
running without -I. i have since told the employee that responding to or
clicking links from spam is a bad idea.
is there any way to work around users like this besides not whitelisting
outbound mail? a spamlogd "blacklist" of users that do not have the
outbound mail IPs whitelisted is a thought, but maybe not the right idea.
cheers,
jake
- spam story Jacob Yocom-Piatt
-
