Spam : A global problem
Posted by Tom Whiting on 22 Nov 2007 at 02:08 am | Tagged as: The Spam Issue
(No Ratings Yet)
Loading ...When I picked up my first domain, almost 8 years ago, spam was not the issue it is today. Ever since, it appears to have gotten incredibly worse. Why? How do you combat it? Here’s a few tips and tricks from someone who’s been doing this stuff for a few years, and (admittedly) is still learning a lot of stuff:
Firstly, don’t rely on your MTA to handle mail spam. Spam should be accepted, or rejected from the server before it ever hits the MTA, through a proxy such as ASSP . Doing this will drastically reduce the load on the server itself, and can cause good things all around.
Secondly, don’t just use ONE option to filter for spam, use MULTIPLE! For example, check RBLs, check Helo’s (not Halos), RBLs, hostname, whitelists, RDNS, PTRs, etc. Don’t deny mail based on just ONE option, but build yourself a list, and go from there. Also, don’t just ban based on ONE RBL (though, admittedly I do), but do multiple RBL failure checks.
Spam has gotten so bad that individuals have resorted to “comment spam”, the newest, and most heinous form of spam, as it is no longer “private”, and requires moderation on a day to day basis. Thankfully, there are those out there that are helping to fight this, and there are ways to develop “wrappers” around your application that will deny ip addresses based on spam entries alone.
Unfortunately, the oh-so-wonderful U.S. government has all but made spam legal with the Can-Spam act of 2003. For all they’re concerned, as long as the sender uses a legal email address, and jumps through a few hoops, well, they are legally able to spam you. This is what you get when you deal with people who are business minded, instead of consumer minded, and have minimal interest in the consumer part of things.
So, how to combat spam? It is a growing, online adventure, and here are just a few tips that I have managed to put together to combat spam, both on the email level , and on the comment / commercial level.
- Use RBLs to verify your entries
- Check RDNS Entries (in email)
- Deny illegitimate traffic
- Create wrappers to your online applications
Over the next few days, maybe the next couple of weeks, I will walk through doing this, what options are good, what ones are bad, and how to get the most out of your applications and traps. Check back for more!
Leave a reply
You must be logged in to post a comment.
