Don't get me wrong, I'm mostly glad that this happened. However, I want to make sure that the reasons for it happening are sound - rather than there being a problem with our methods. I'd like to illustrate what's going on here with a graph:
(source: lightspeed.ca)
The bright green line here shows the rate at which our server has rejected messages from IP addresses listed in realtime blacklists over the course of the last 12 months. Last May, we were rejecting an average of about 175 messages every 5 minutes, or 35 per minute, using this filter alone. It's pretty clear that since October, it's tapered off to a fraction of that - we're now averaging about 8 rejected messages per minute on this filter:
(source: lightspeed.ca)
Since we see no corresponding rise in the number of messages being trapped by Spamassassin (the teal line largely drowned out at the bottom of the graph) or any other filters, I can come to one of two conclusions based on these statistics:
1) All of our filters have become ineffective.
or
2) Spammers aren't spamming as much as they used to.
Historically speaking, I find 1 to be much more likely than 2. However, from experience and customer complaints (rather, a lack thereof), 1 isn't true because we're not seeing much spam in our inboxes anymore. So what the heck is going on here? I can't fathom that spam has somehow become unprofitable. Have they moved on to softer targets? I'm seeing little to no spam on Facebook or Twitter or any HTTP forums. Have there been massive arrests, removing spammers from the wild, and discouraging new criminals from entering the ring?
Whatever the reason, it sounds to me like a hard-fought victory for someone out there. But I still want to make sure that it's either time to break out the champagne or start sharpening our swords.