I’ve seen a dramatic drop-off in email spam since implementing a greylist program a couple of months back. As odd as it may sound, greylisting works by initially rejecting all new incoming email with a response indicating a temporary rejection. A “real”, legitimate mail server will retry sending the email after a few minutes. A spam-generating virus program running on a hijacked computer generally will not. As a result, nearly all spam email just simply goes away… and none of the “good” mail gets lost.
The system keeps track of senders that have successfully delivered mail, and adds them to a whitelist of “known good” senders so that future mail from those senders doesn’t get delayed.
This system has allowed me to retire a very long list of filter rules to try to catch spam. The amount of time I have to spend dealing with it has dropped from a couple of hours per week to a few minutes per week. It’s not perfect — but then, nothing is. My employer spends tens or hundreds of thousands of dollars on anti-spam technology, and I still seen one get through every once in a while. For zero cost and near zero hassle, this works pretty well.