Andy is pretty much right on, as I have to still ensure my own private mail server does similar. By pure numbers, about half of the messages that hit my server are blocked before they hit the actual spam filter that looks at content. Any of those messages are silently rejected and users have no idea they were targeted.

There are also spikes in activity, tied to the rise and fall of botnets out there and hacks against databases to extract addresses.

For example, since 4am this morning (so about a 10-hour window of activity):

112 attempts to deliver a message were stopped before accepting the message, with 101 of these being due to blacklists. The remaining were 8 that contained incorrect addresses or attempts to use my server as a relay, and 3 were manual e-mail address blocks added by my users. The last 3 are handy, as my users can use throwaway addresses and later blacklist them.

138 messages made it past the blacklist or address validation, meaning the server accepted the full content. 137 were sent to users' inboxes, 1 was sent to a user's spam folder.

I kept a very close eye on the system when it was set up, sharing Tony's view on false positives initially. With the numbers I see, it's not worth turning up the noise to accept the one or two false positives that might happen each year. On the rare occasion I've seen a false positive, it's usually been because the sender's mail server was misconfigured and flagged as a spam relay. The admins of these servers can fix their issue and have them removed from blacklists in a quick and efficient way. Every reject will have a log message the sender can see in their mail server logs. It includes a URL to see why they were blocked and how to remove themselves.

I did avoid implementing one of the old spam blocking methods where a server built its own whitelist over time. Main reason being that they would do this by sending back an automated e-mail upon first sighting of a new from address. That's just creating more traffic for no good reason.