I know you are all busy contributing on community driven websites, building a force of collective knowledge and working very hard in this new Web 2.0 world. So I'm here to give you a much needed break - in security at least!
One of the most important things to cover first as we head into 2007 is spam control. There are many preventive measures that individual web hosts and data centers need to take and stay on top of. It's a good idea to keep yourself updated on trends by reading security sites and blogs on a regular basis. Browsing through the comments on the latest post in Bob Sullivan's blog has me amazed. Some of the readers posed interesting ideas on how to combat spam, while some only left me baffled! Ideas ranged from charging everyone 5 cents to send an email, to requiring Internet users to take a test to get an "Internet License", to the very bold and simple solution of, "If ISP's don't police their customers, then they should be shut down."
Case in point, one commenter confidently stated:
"Internet providers [in the Netherlands] are mandated to cooperate, but are happy to do so since spam costs them dearly in bandwidth and blockages from foreign servers (especially from the US). Oddly enough, most spam these days does not come from servers in distant Pacific Islands, but from the US. So, US government: flex your muscles!"
While another commenter challenged spammers to launch an attack against his inbox:
"BRING IT ON! I don't care if there is spam! The spam just doesn't get past my defenses and it is nearly all an automated process. I'm not hit by malware, phishers or trojans and most of that is canned before I even see it. Maybe I am just very different because I am a responsible computer and Internet user. I guess I won't make the headlines, because I am never plundered."
Until everyone masters his spam fu, hosts and data centers must do their part to outsmart the spammers and scammers, and to help Internet users understand the "why and how" of it all. Most of us are already doing a superb job, but there are some serious problems lingering out there without answers. Have you ever noticed that Verizon houses nearly 100 ROKSO spammers?
Verizon's Spamhaus records go back to 2002 with the help of leftover MCI listings. Why are they allowing these organizations to operate freely in their turf? This is what I am trying to find out. To know that larger corporations are not doing their part is disappointing as we work so diligently on the sidelines. I am currently doing research with Spamhaus right now and in my next article I hope to shine more light on this. I want to give a sense of what responsibility really means to us as web hosts and to all Internet users.
More About Kayla
Surpass Hosting
Tell Spamhaus that if they really want to help combat spam then come up with a better system to deliver mail. Eventually they'll have every IP on the planet blocked and then anyone who uses their database won't get any more spam.
The times that we've had a listing, I have replied as quickly as possible (normally within one hour at the most) with details and a time frame on when the offending site will be removed. Each time we've had a listing it's definitely for good reason and I was glad to have received the alert. They reply quickly as well - in an hour or less. If you work with them, they work with you.
Many times I was already aware of the situation and this shows me that Spamhaus is really on top of reports.
Any employees/volunteers who deal with spam and abuse on a daily basis aren't always going to have an extremely friendly attitude, it's possible but rare. It's just something you have to deal with. Don't get emotional and stick with the facts in your responses and you'll be much better off.
It is unfortunate that you had a bad experience. I do not believe it's the norm if you're working with them in a timely manner.
1. Content filtering: This technique requires much work by the end user, work that most customers that I've spoken with don't want to maintain. So, that's okay, it really only helps if you are getting spam attacked by a specific message or place.
2. Known Spam IP address Blocking: This is the kind of spam blocking where your computer or server cross-references a message header, containing server IP information with their database of servers using SMTP services that have been reported as sending spam. The sad thing here is that most of these companies do NOT verify the reports. They are more than happy to list a server with a handful of complaints, making the job of legit mail server administrators very difficult. I suppose it gives them job security.
3. Reverse DNS Checking: This is when the receiving email server does a domain name check on the IP address to see if the sending email server administrator's provider set up proper records. This method is not too effective because many times, a timeout will cause a false positive.
4. SPF Records: We were real excited when first implementing this feature back in 2005. But, it relies on the theory much like a fax machine. If everyone doesn't use it, it's not too useful. We found to this day that most email administrators choose not to set up an SPF record, even the larger providers! I could go on and on about SPF, but I may run out of char. limits here!
5. Bayesian Filters: I believe that Hotmail and MSN boxes use this feature the most effectively. It allows a user to mark messages as spam individually. The server then, each night, compares all messages marked as spam for similarities. Next, it will determine based on the results which messages to mark as spam automatically the next day. Brilliant! However, this is what is also KILLING automatic email forwarding. I 'spose that you have to sacrifice something for the greater good.
6. GreyListing: Somewhat new to use, but the fellows at Yahoo have been using it for some time. This method is real cool, it delays a brand new message from any unknown or recorded email servers for about 20 minutes. Most SPAM servers will try a few times right away, but don't try more than once to send the message, so the grey filter accepts messages that are sent from the known mail server after the first new one is resent after the 20 minutes.
7. Third party software scrubber: Now, client side is fine, but costs end-users money. Providers can put software like Barracuda or SpamAssassin between the sending and receiving server to scrub for spam. I'm not sure how it determines the message's validity, but there are some programming gurus out there compiling algorithms that work very well.
Using Outlook and server side filters, I’ve cut down my spam from a few hundred to just about 2 or 3 per day. I think that the trick is to stay ahead of those darned spammers!
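The greylisting behaviour described in item 6 above can be sketched as a small decision function. This is an added example, not part of the comment or any product's code; keying on the (client IP, envelope sender, recipient) triplet, the retry window, the pass lifetime and the sample traffic are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field

DELAY = 20 * 60          # a new triplet must wait this long ("about 20 minutes")
RETRY_WINDOW = 4 * 3600  # assumption: the retry must arrive within 4 hours
PASS_TTL = 36 * 86400    # assumption: a passed triplet stays trusted for 36 days
DEFER = "451 4.7.1 Greylisted, try again later"


@dataclass
class Greylist:
    first_seen: dict = field(default_factory=dict)  # triplet -> time first deferred
    passed: dict = field(default_factory=dict)      # triplet -> time last accepted

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return the SMTP reply to one RCPT TO at time `now` (seconds)."""
        key = (client_ip, mail_from.lower(), rcpt_to.lower())
        last_ok = self.passed.get(key)
        if last_ok is not None and now - last_ok <= PASS_TTL:
            self.passed[key] = now          # known-good triplet: no delay
            return "250 OK"
        first = self.first_seen.get(key)
        if first is None or now - first > RETRY_WINDOW:
            self.first_seen[key] = now      # unknown (or stale): start the clock
            return DEFER
        if now - first < DELAY:
            return DEFER                    # retried too soon, clock keeps running
        del self.first_seen[key]            # retried after the delay: accept
        self.passed[key] = now
        return "250 OK"


def replay(events):
    """Feed (time, ip, sender, recipient) events through a fresh greylist."""
    gl = Greylist()
    return [gl.check(ip, s, r, t).split()[0] for t, ip, s, r in events]


# Constructed sample traffic (documentation IP ranges, example domains).
SAMPLE = [
    (0,    "192.0.2.10",   "bulk@example.net",  "user@example.org"),   # first try
    (5,    "192.0.2.10",   "bulk@example.net",  "user@example.org"),   # instant retry
    (10,   "198.51.100.7", "alice@example.com", "user@example.org"),   # real MTA
    (1270, "198.51.100.7", "alice@example.com", "user@example.org"),   # queued retry
    (5000, "198.51.100.7", "alice@example.com", "user@example.org"),   # later mail
    (5000, "198.51.100.7", "alice@example.com", "other@example.org"),  # new triplet
]

if __name__ == "__main__":
    print(replay(SAMPLE))
```

The last sample event shows the operational cost: a legitimate server is delayed again for every new sender and recipient pair until that triplet has passed once.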
Does anyone here know Akismet? I know that this is a weblog comment spam filter, but the success of Akismet lies IMHO in the combo between technology filtering and user input, much like SPF Records and Bayesian filtering combined. All posts that are previously and significantly marked as spam are marked as such everywhere (this is the filtering part) and all additional posts that have slipped through and are marked as spam are sent to a central server for processing.
So what if people collaborate with the Thunderbird team to add a similar feature, this might inspire more hosts to set up SPF records.
Btw, SPAM is illegal in the Netherlands since 1994. This gives the police the means to force webhosters to stop spammers and provide client details so they can be caught and prosecuted. Only a few days ago a notorious spammer who sent out 1.3 bln spam messages was arrested and convicted ($100k+ fine and jail time).