A breakdown of email received and blocked by GreenNet’s main mail server, Jan 2008.
Going clockwise, the first stage is that some networks or sender addresses are known to send so much spam that we refuse connections from them, or they are attempting to relay through us (Access denied, 9%). The biggest reduction in spam is the 67% of occasions when we greylist email from an unknown source and it is never delivered to the mail server (where it would probably be detected as spam anyway). About 3% of connections are to a non-existent recipient address, often bounces. Of the remainder, we get to see the actual text.
In about 2% of all connections we can announce to the sending server that we have rejected the message because it’s so obviously spam or a virus (and any genuine sender would see a bounce message); otherwise we have to check using a tailored version of SpamAssassin. In 8% of the total (still the majority of what’s left of incoming email) we can confidently quarantine and later discard the message as we do with most viruses, while in just 1% where there is uncertainty we let the message through but it is marked (sometimes invisibly) by SpamAssassin. Virtually all of the remaining 10% of messages are genuine, half sent from GreenNet members, and half sent to them.
We conjecture that we get a slightly higher rate of spam (94%) sent to us than many service providers which is estimated at 90-93%, because many email addresses we host have been widely advertised on the web for over a decade. The actual rate of false negatives or positives is hard to determine on a live sample – all we can say is we rarely get complaints, except when a new type of spam emerges.
