"IMHO bouncing emails is a total waste of time "
True and not true.
True as far as spammers go; they just get themselves a willing SMTP server and stuff a million emails into it. Nothing that comes back to the From: address goes anywhere - unless of course they use a potentially real forged address like
[email protected].
False as far as false detection goes. If your filters are a bit too aggressive (and getting them 100% right is NOT possible) then you will be dumping some emails from real people who want to contact you. It therefore helps to notify them that their email got dumped. Also, a lot of IPs, including those of big ISPs, get blacklisted by Spamcop etc, sometimes for only a day, sometimes for much longer. I can think of one big UK "business ISP" whose SMTP server is blacklisted by AT&T....
The mailwasher based antispam approach is hit and miss. I used MW for about 2 years. We used to get 1000+ spams a day, which it would identify with ~ 99% accuracy. So, every day, 10 real customer emails got lost. Completely useless!
In the end we just used it as a convenient way of deleting loads of emails. We ended up reading the subject of every one of those 1000, and would add any real ones to a "friends" list. But any new one would still get lost, probably.
Obviously one can do things in a business like adding the part number, name, etc of every product you make, or the name of everything that interests you e.g. cessna piper lycoming continental propeller etc etc to a subject-whitelist. Partially successful.
The only real way to attack spam is to use a system like TMDA which requests every previously unseen sender to reply to an email. The reply is used to authenticate them and add them to a whitelist, after which they don't get the request again.
Except for senders too thick to read and understand an email saying "please reply to this message", it works 100%.
I have TMDA running on my server but there are commercial versions, very cheap, which basically provide you with a POP box.
We have refined TMDA so that the sendmail logs get parsed for To: headers and those get added to the whitelist too, so if WE send an email to someone first, they are already on the whitelist. This is a great feature which I don't think is available commercially.