WHIR | BLOGS | WEB HOST NEWS | FIND WEB HOSTS | RESELLER HOSTING | MAGAZINE | WHIR TV | NEWSLETTER | rss feeds
web hosting news - daily web host interviews, insight Jobs | Events | Sitemap | Search
Green Data Center Info

Protecting Against Spam

By Doug Kaye

From Web Hosting Monthly, September 2003 Edition

October 8, 2003 -- (WEB HOST INDUSTRY REVIEW) -- Spam annoys us all, but it threatens the very survival of Web hosting companies. Hosting a spammer can affect the performance of your infrastructure and your other customers. Even worse, it can put your block of IP addresses on the known-spammer lists, which in turn could shut down your entire operation by causing you to unwittingly violate your own hosting service or ISP's Acceptable Use Policy (AUP).

To find out what a Web hosting service can do to protect itself from spammers, I turned to my local experts in all things email. Bart Schaefer is the CTO of iPost (ipost.com), a company that handles a huge volume of legitimate opt-in-only mailings such as my own IT Strategy Letter. As a high-volume emailer, it's even more critical and difficult for them to ensure their operation and IP addresses are never listed as a source of spam.

The earlier you deal with the problem of spam, the easier and less costly it will be. Schaefer says, "The first and most important thing Web hosting vendors should do is perform due diligence checks up front-before agreeing to provide service." He suggests using the basic tools available to us all. Begin during the sales process when evaluating a new customer. Use a search engine to learn what you can about each prospect, and don't forget a credit check. It should come as no surprise that many spammers have bad or non-existent credit.

Take advantage of the many public email blacklists. Check prospective customers' existing IP addresses, as well as your own blocks of addresses. This is one way to detect spammers on your servers and the overzealousness of spam hunters.

Become familiar with the Spamhaus Project (spamhaus.org) and their ROKSO database: the Registry of Known Spam Operations. This is a list along with supporting evidence of the most hard-core spammers. To qualify for the list, a spammer must have been kicked off at least three ISPs for spam-related offenses. These are clients to avoid.

Next, turn to Google Groups and search the news.admin.net-abuse newsgroup. Google's Advanced Search can order your results by date, placing more weight on recent postings. But be careful-there are two problems to watch out for here. First, many of the postings are forgeries intended to discredit legitimate third parties or otherwise shift blame away from the real spammers. Second, make sure you don't confuse a spammer with someone who is the recipient of spam and only appears in your search results by virtue of having reported an offender.

Dealing With Spammers

Suppose in spite of your best efforts, one of your customers turns out to be a spammer. What then? Your success in dealing with that customer may depend on your AUP, one of the few tools available in dealing with a spammer.

Spamhaus has a number of examples of good anti-spam AUP clauses. Schaefer says that iPost makes a point of verbally confirming their "solicited mail only" policy with every customer before a service agreement is signed. In addition to the transmission of unsolicited email, he suggests that Web hosting vendors include additional clauses that cover other forms of abuse. For example, the SAVVIS AUP, part of which can be found on the Spamhaus site, bans the use of SAVVIS' systems for "drop boxes" advertised in spam sent somewhere else, and also bans open relay mail server configurations.

The final step, according to Schaefer, is to pay attention and enforce the AUP. He sees some companies on the Spamhaus AUP list who have good policies but don't enforce them. "This does not mean instantly terminating a customer because of a complaint, because forgery is so common in spam that many complaints are misdirected," he says. "However, it does mean evaluating the accuracy of every complaint, investigating those that appear legitimate, and taking action if a pattern of abuse emerges."

Are there technological solutions? According to Bart, "Bandwidth and traffic monitoring might be helpful in detecting spam runs before the complaints start to come in, but avoiding the spammers before they get started is still the best approach."


<< Will Web Services Change Web Hosting     The Role of Community-Based Support >>




 

SPONSORED LINKS
> Apollo Hosting: Award Winning Website Hosting from $6.96 – Click Here!

> iWeb: Quality servers. 3000GB of traffic for only $69

> TopLayer: SC Mag Recommended. Protect against DDoS Attacks & more.

> Parallels: Automation and Virtualization. Buy ONLINE or Learn MORE!

> Website Source: Powerful Website hosting starting at $6.85

> Rackspace: Hosting Solutions That Bring Peace to Your IT World™

> GeoTrust: The Most Flexible SSL Partner Program

> The Planet: Dedicated servers and managed hosting solutions

> Microsoft Hosting Days: New Services, Revenue Streams & Growth! Register!

> Buy and sell domains with the industry leader: www.Afternic.com.

> SERVER4YOU: Dedicated servers – starting $29!

> Serve customers, not servers, with Verio 360° Managed Servers

> NTT America: Scalable Hosting Solutions from Start > Growth

> Cloudmark SpamAssassin Plugin: 98% accuracy & carrier-grade performance.

WHIR NEWSLETTER SIGN-UP | MANAGE SUBSCRIPTIONS | WHIR RSS FEEDS
Name:
 Email:
 Password:
 theWHIR Blog Email Update
Magazine
Daily News
Find Web Hosts
 Occupation:
 Company Type:
Find Web Hosts | Reseller Hosting | Personal Web Hosting | Small Business Web Hosting | Dedicated Servers | Managed Hosting | Adult Web Hosting


About WHIR | Online Advertising | Print Advertising | Print Subscription | Email Newsletters | RSS Feeds 		 
Submit News | Privacy Policy | Buy Reprints

Web Host Industry Review, Inc. is not responsible for the content of comments submitted by our users.

   © Copyright Web Host Industry Review, Inc.
'>