Mail Filtering News

20may2005 - New IP Address

Ran another experiment today, and this one had immediate and very good results. Over the past few days I've been setting up email on a second IP address (my ISP lets me have up to eight at no extra charge). I made a new domain name, mail.acme.com, which maps to the new IP address. I set up mail service on that name. I changed the address in all my local files (which was made a lot easier by the previous experiment, hiding the email addresses). And (the hard part), I got all my friends, mailing lists, and web site accounts to change my address to use the new domain name. Then today at 1pm I did the switchover by changing one firewall rule to block port 25 on the old IP address.

I let things run this way for 5 hours, until 6pm, and then changed the firewall rule back. You can see the results in the stats graph snapshot on the right. Since the new domain name is almost unknown to spammers and viruses, my traffic immediately dropped to near zero. Raw connection attempts decreased from 100,000/hour down to 6,000/hour. Loadav went from 5 or 6 to 0.1 or 0.2. Even my CPU temperature decreased, from around 90F to 80F. Legitimate email was not affected.

After a few more days to look for loose ends such as low-traffic mailing lists I forgot about, I'm going to make the change permanently.

I expect the improvement will not be permanent, though. After a while the spammers will add my new address to their lists and traffic will pick up again. Perhaps the previous change I made, hiding my web page email addresses, will help delay this process. Also, my friend Jordan speculates that some spammers canonicalize addresses that have three-level domain names down to two; if so, then those folks will turn mail.acme.com back into acme.com, which won't work, so I'll never hear from them.


Back to Mail Filtering News.