Broadsky Anti-Spam Measures
Information about how Broadsky's spam-filtered email works.
BroadSky uses a “defense-in-depth” strategy to block spam from reaching our
customers’ mailboxes:
- First Layer of Defense: Our MTA (mail transfer agent), Postfix, is configured to refuse to accept delivery of mail that has characteristics that make it look like spam. What happens to these messages at this stage is up to the server that tried to pass the message to us: we refuse to accept it, so its final disposition is up to them. Some of the things we have configured Postfix to look for are:
  - Mail from servers that do not obey a variety of internet standards.
  - Mail from, or that passed through, servers on several “black lists” maintained by various organizations, including BroadSky; these servers could be on these lists because they have a history of sending spam, or because they are "open relays" that allow spam to be forwarded through them.
  - Mail that appears to have been sent from a PC directly to a mail server that wasn’t run by their ISP (usually mail is sent from your PC to your ISP’s mail server, and then from there to its final destination; PCs that send mail directly to final destinations are usually spammers or zombies controlled by spammers).
  - Mail whose subject contains words or phrases that are typically used in spam (“Buy V-i-o-x-x cheap!”) or that use foreign character sets or special encodings.
  - Mail that specifies a return address that can’t be right.
  - Mail that appears to have been sent by bulk email programs often used by spammers.
  - Mail that has been forwarded to BroadSky servers by an intermediary server, where the intermediary server thought the mail was spam (but then helpfully went ahead and forwarded it to us, anyway).
  - Mail to which executable code is attached (executable attachments are usually viruses).
- Second Layer of Defense: Once mail has been accepted by us for delivery, we run it through a program called “SpamAssassin”, which applies over 1,000 spam-detecting rules to the headers, body, and attachments of every mail message. Each of these rules that triggers on the message has a weight (assigned by a neural network), and if the total “spam score” of the message goes over a threshold it’s marked as potential spam, but still delivered. If it goes past an even higher threshold, then it isn’t delivered at all, but instead is sent to our system administrators to review. Our experience is that almost all spam that gets through Postfix gets blocked by SpamAssassin. SpamAssassin’s checks include:
  - Doing a more detailed analysis of message headers to see where the message has been and to detect forged headers.
  - Looking for key phrases and obfuscatory techniques used by spammers.
  - Comparing text in the message against internet databases of known spam messages.
  - Comparing the contents of the message to spam messages SpamAssassin has seen recently.
  - Finding websites mentioned in the body of the message, and comparing them to internet databases of websites that advertise via spam.
- Third Layer of Defense: All the mail SpamAssassin blocks from delivery, along with any mail messages that customers tell us are spam that somehow got through all of the above checks, gets reported to the relevant ISPs, network providers, and spam “black lists” via the SpamCop service. Every company whose servers or network was used in sending or forwarding the spam, or that provides services to spamvertised websites, receives a report detailing which of their customers is sending spam. This process doesn’t keep the spam message in question from being received in the first place, but does tend to make life difficult for spammers and thus to reduce the volume of incoming spam we receive.
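
The two-threshold scoring described in the second layer can be sketched as follows. This is an added example, not BroadSky's or SpamAssassin's code; the rule names, weights, thresholds, blocklist entry and sample messages are all constructed for illustration.

```python
import re
from email import message_from_string

# Constructed values (assumptions; the page gives no weights or thresholds).
TAG_THRESHOLD = 5.0      # at or above: delivered, but marked as potential spam
HOLD_THRESHOLD = 10.0    # at or above: not delivered, held for admin review
SPAMVERTISED = {"cheap-pills.example"}  # stand-in for a URI blocklist lookup

def de_obfuscate(text):
    """Collapse 'V-i-o-x-x' or 'V.i.o.x.x' style spacing into plain words."""
    return re.sub(r"(?<=\w)[-._*](?=\w)", "", text).lower()

def rule_obfuscated_subject(msg):
    subject = msg.get("Subject", "")
    # Fires only when the phrase appears after de-obfuscation but not before.
    return "vioxx" in de_obfuscate(subject) and "vioxx" not in subject.lower()

def rule_spamvertised_url(msg):
    body = "" if msg.is_multipart() else msg.get_payload()
    hosts = re.findall(r"https?://([^/\s:]+)", body, re.I)
    return any(h.lower() in SPAMVERTISED for h in hosts)

def rule_missing_message_id(msg):
    return "Message-ID" not in msg

RULES = [  # (name, weight, test)
    ("OBFUSCATED_SUBJECT", 4.5, rule_obfuscated_subject),
    ("SPAMVERTISED_URL", 6.0, rule_spamvertised_url),
    ("MISSING_MESSAGE_ID", 1.5, rule_missing_message_id),
]

def classify(raw):
    """Return (action, score, names of the rules that fired)."""
    msg = message_from_string(raw)
    hits = [(name, w) for name, w, test in RULES if test(msg)]
    score = sum(w for _, w in hits)
    action = ("hold_for_review" if score >= HOLD_THRESHOLD
              else "deliver_tagged" if score >= TAG_THRESHOLD
              else "deliver")
    return action, score, [name for name, _ in hits]

# Constructed sample messages.
HAM = ("From: a@example.org\nSubject: Meeting notes\n"
       "Message-ID: <1@example.org>\n\nNotes: https://intranet.example/notes\n")
TAGGED = "From: x@example.net\nSubject: Buy V-i-o-x-x cheap!\n\nLimited offer.\n"
HELD = ("From: x@example.net\nSubject: Buy V-i-o-x-x cheap!\n\n"
        "Order at http://cheap-pills.example/buy today\n")

for sample in (HAM, TAGGED, HELD):
    print(classify(sample))
```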
Finally, our staff spends several hours per week looking at how well all of this
is working, and then tuning and tweaking the whole process.
As one additional step, which doesn’t necessarily have any short-term impact on
spam, we have joined Project Honeypot,
and so have set “bait” for spammers trying to harvest email addresses from our
websites, bait that allows us to monitor their activities.