Backscatter Spam

One of the areas where spam detection and filtering has always been difficult is with bounce backs - AKA backscatter. It's very difficult to scan these as they sometimes don't include all of the original message rendering heuristics ineffective (where AI reads and understands the message), and always include a header specific to the mail server it was sent from so that signature based scanning doesn't work. Every type and version of mail server attaches a different header making it difficult to detect what is and isn't a bounce.

Fundamentally, this is only a problem because some mail servers are badly configured and accept mail when they shouldn't. I can't change that.

Our solution:
The RocketUK mail servers now have the ability to detect and score and bounces. For the reasons above this is not infallable but has proved effective in testing.

378 out of 439 bounces received between midnight and 9:30am were marked or blocked as spam.
Previously, most of those would have been passed as clean.

The benefits:
This will markedly reduce the amount of junk bounce backs our customers receive.
I am unaware of any other ISPs having implemented this type of scanning.

Mail Server Quotas

We've always said that we have a mail quota but this has never been enforced.
We're now introducing quotas on mailboxes of 100MB. This affects almost no customers - 95% use POP3 and never leave more an a couple of MB on the server before downloading.

What is does mean is that we're able to provide more IMAP/WebMail services - where the users leave their mail on our servers rather than downloading to their own computers.
This is ideal for people who are more often mobile and don't have an office server looking after email.

Another mail filter

To reduce spam: in testing is a new filter ('policyd') which will analyse the patterns of other computers on the net sending us email. If the patterns match spam behavoir or they are caught sending spam we can automatically blacklist them for long periods of time.
Currently, hosts can't be automatically blacklisted.