I've gotten a few emails curious about the MySQL output I sometimes
refer to in posts.
I just finished blowing the dust off a paper I wrote several months
ago, documenting some of the antispam measures I've developed. I added
some info about how I use a database to store historical info. It's
been an invaluable tool not only for presenting clear evidence of
abuse, but for efficiently maintaining access lists, as well.
The paper is at http://www.snark.net/snarkspam.html
It's not the most polished document, as its main purpose was for me to
document the system for myself, but I hope it can provide some hints
or techniques for other folks to deal with the spam problem.
Matt Ghali