Spam-Fighting Tips

When used selectively, blacklists combined with spamd are powerful, precise, and efficient spam-fighting tools. The load on the spamd machine is minimal. On the other hand, spamd will never perform better than its weakest data source, which means you will need to monitor your logs and use whitelisting when necessary.

It is also feasible to run spamd in a pure greylisting mode, with no blacklists. In fact, some users report that a purely greylisting spamd configuration is about as effective a spam-fighting tool as configurations with blacklists, and sometimes significantly more effective than content filtering. One such report that was posted to openbsd-misc (accessible among other places via http://marc.info/; search for the subject “Followup - spamd greylisting results”) claimed that a pure greylisting configuration immediately rid the company of approximately 95 percent of its spam load.

I recommend two very good blacklists. One is Bob Beck’s “ghosts of usenet postings past”-based traplist, generated automatically by computers running spamd at the University of Alberta. Bob’s setup is a regular spamd system that removes trapped addresses automatically after 24 hours, which means that you get an extremely low number of false positives. The number of hosts varies widely and has been as high as 670,000. While still officially in testing, the list was made public in January 2006. The list is available from http://www.openbsd.org/spamd/traplist.gz. It is part of recent sample spamd.conf files as the uatraps blacklist.

The other list I recommend is heise.de’s nixspam, which has a 12-hour automatic expiry and extremely good accuracy. It’s also in the sample spamd.conf file. Detailed information about this list is available from http://www.heise.de/ix/nixspam/dnsbl_en/.

Once you’re happy with your setup, try introducing local greytrapping. This is likely to catch a few more undesirables, and it’s good, clean fun. Some limited experiments, carried out while writing this chapter (chronicled at http://bsdly.blogspot.com/, entries starting with http://bsdly.blogspot.com/2007/07/hey-spammer-heres-list-for-you.html), even suggest that it is extremely efficient to harvest the invalid addresses spammers use (from your mail server logs, from spamd logs, or directly from your greylist) and put them in your traplist. Publishing the list on a moderately visible web page appears to ensure that the addresses you put there will be recorded over and over again by address-harvesting robots. That provides you with even better greytrapping material, since the addresses are then more likely to be kept on the spammers’ list of known good addresses.
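The harvesting step described above, as an added example (not code from the book or the spamd project): a shell function that reads `spamdb` output and lists recipients in your own domain that are not real mailboxes, as candidates for `spamdb -T -a`. The domain name, the valid-address file and the distinct-host threshold are assumptions, and the sample records are constructed.

```shell
#!/bin/sh
# Added example: pick greytrap candidates out of `spamdb` output.
# GREY record layout per current spamdb(8):
#   GREY|source IP|helo|from|to|first|pass|expire|block|pass

# trap_candidates DOMAIN VALID_FILE [MIN_HOSTS]
# Reads spamdb output on stdin. Prints recipients in DOMAIN that are not
# listed in VALID_FILE (one real address per line) and that were tried by
# at least MIN_HOSTS distinct source IPs (default 1).
trap_candidates() {
    awk -F'|' -v dom="$1" -v vf="$2" -v min="${3:-1}" '
        BEGIN {
            # Load known-good addresses first so a real mailbox is never trapped.
            while ((getline line < vf) > 0) valid[tolower(line)] = 1
            dom = tolower(dom)
        }
        $1 != "GREY" || NF < 10 { next }   # skip WHITE/TRAPPED/SPAMTRAP and short records
        {
            rcpt = tolower($5)
            gsub(/[<>]/, "", rcpt)
            # Accept only a conservative address shape; anything odd is ignored.
            if (rcpt !~ /^[a-z0-9._+-]+@[a-z0-9.-]+$/) next
            if (substr(rcpt, index(rcpt, "@") + 1) != dom) next
            if (rcpt in valid) next
            # Count each (recipient, source IP) pair once.
            if (!((rcpt, $2) in seen)) { seen[rcpt, $2] = 1; hosts[rcpt]++ }
        }
        END { for (r in hosts) if (hosts[r] >= min) print r }
    ' | sort
}

# Constructed sample records in spamdb(8) output format (not real log data).
sample_spamdb() {
    cat <<'EOF'
WHITE|198.51.100.7|||1190000000|1190001800|1193110400|2|14
GREY|192.0.2.10|mx.example.net|<a@example.net>|<Wkitp98@example.com>|1190000000|1190001500|1190014400|1|0
GREY|192.0.2.11|host11|<b@example.net>|<wkitp98@example.com>|1190000100|1190001600|1190014500|1|0
GREY|192.0.2.12|host12|<c@example.net>|<peter@example.com>|1190000200|1190001700|1190014600|1|0
GREY|192.0.2.13|host13|<d@example.net>|<x@elsewhere.example>|1190000300|1190001800|1190014700|1|0
GREY|192.0.2.13|host13|<d@example.net>|<once@example.com>|1190000300|1190001800|1190014700|1|0
EOF
}

# On a live system (valid-address file path is a placeholder):
#   spamdb | trap_candidates example.com /path/to/valid-addresses 2 |
#       while read -r addr; do spamdb -T -a "$addr"; done
```

Review the candidate list before feeding it to `spamdb -T -a`: an address missing from the valid-address file, such as a new alias, would otherwise trap legitimate senders.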
