A Conversation for How to Fight Spam

Corporate Spam

Post 1

Tyrian

Assuming the original advice is for home users I thought I'd give a bit of advice for any business users about spam management.

1) Ensure your organisation's email usage policy covers spam. This should include guidance to the end users ensuring they are aware of their responsibilities to keep spam levels down and how they should go about this (e.g. it needs to be reported and who to report spam to etc).

2) Install appropriate email management products to prevent spam. These should include:
Text analysis - prevent all emails containing known text strings from getting through. Although this can trap many of the common forms of spam such as emails about weight loss or getting rich it is worth pointing out that many spam emails contain deliberately poor spelling to get round text matches (e.g. loose weight quckly)!
Blocking lists - prevents spam from known email addresses and domains. Maintain a 'static' list and also use real time blocking services such as www.mail-bause.org, www.openrbl.org or www.spews.org

3) Implement some configuration rules such as "Don't accept messages with more than x number of recipients". Tuning of these rules would depend on your organisation.

Having given my tuppence worth, I'll stop here as this could become a long and rambling post. The best way to combat spam in a large organisation is to employ someone who knows what they are doing. According to a recent report I read between 2%-10% of corporate email is currently spam with that figure expected to rise to 10%-20% in the next few years. 25% of home email is already spam.
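The text-analysis point in the post above (a deliberate misspelling such as "loose weight quckly" slipping past a known-string match) can be seen in a short added example, which is not part of the original post. The phrase list, the similarity threshold and the function names are assumptions chosen for illustration.

```python
import difflib
import re

# Constructed phrase list; a real filter would maintain its own.
BLOCKED_PHRASES = ["lose weight quickly", "get rich quick"]


def exact_match(body, phrases=BLOCKED_PHRASES):
    """Plain substring matching: the check a misspelt phrase gets round."""
    text = body.lower()
    return [p for p in phrases if p in text]


def fuzzy_match(body, phrases=BLOCKED_PHRASES, threshold=0.85):
    """Compare each phrase with every window of the same number of words.

    A window counts as a hit when its similarity ratio to the phrase
    reaches the threshold, so a few dropped or doubled letters still match.
    """
    words = re.findall(r"[a-z0-9]+", body.lower())
    hits = []
    for phrase in phrases:
        n = len(phrase.split())
        for i in range(len(words) - n + 1):
            window = " ".join(words[i:i + n])
            ratio = difflib.SequenceMatcher(None, phrase, window).ratio()
            if ratio >= threshold:
                hits.append((phrase, window))
                break  # one hit per phrase is enough to flag the message
    return hits


if __name__ == "__main__":
    # Constructed sample messages.
    spam = "Want to loose weight quckly? Ask me how."
    ham = "Minutes of the weekly budget meeting attached."
    print(exact_match(spam), fuzzy_match(spam), fuzzy_match(ham))
```

Lowering the threshold catches more misspellings but also more legitimate mail, so it needs tuning against the organisation's own traffic.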


Corporate Spam

Post 2

Caveman, Evil Unix Sysadmin, betting shop operative, and SuDoku addict (Its an odd mix, but someone has to do it)

I agree. However, I have a few points to add.

The small business, or anything up to the medium-sized non-technical business, probably can't afford to hire someone to deal with spam. They probably have a PC in the office which they bought from a high street retailer, which came with 'The Internet' on a disk. That's all they know, and all they want to know.

This type of user is probably cranking out copies of Klez and other virii, because they don't know what a virus killer or firewall is.

In the medium sized technical operation, or any large company, it is likely that they run (or at least outsource) their own IT operations to a clued individual. (However, I doubt my own words here, because I have met many clued individuals, and most of them speak Visual Basic, and think a clue is something that Scooby Doo finds).

Such large or technical operations probably have permanent connections to the net. They probably have proper firewalls (not toy firewalls that alert you to trivial things as users pressing the 'Stop' button in Internet Explorer). If this is the case, then the best way to prevent spam is to stop it at the SMTP server level by running your own MX. You arrange for mail to your domain to be delivered directly (i.e. you adjust your domain's MX record to point straight at your internet connection), and you run an MTA such as qmail, sendmail, or anything but Exchange (because Exchange is not designed to be connected to a hostile internet). You can then filter on IP, domain, or anything else available to you prior to SMTP DATA.

Bouncing mail by remailing it AFTER you have received it is bad, and probably stupid. Spammers forge headers, so your bounce could be going anywhere. (And the spammers probably know you bounce, so they are now getting you to distribute their spam). The only way to tell spammers to #### off is to reject the mail with a 5xx message before SMTP DATA. However, there are certain spammers who retry delivery after a 5xx for months.

For those persistent morons who, after the 10,000th 'go away, we don't want to talk to you' message just don't get it, we reserve the teergrube, which is a German word meaning 'tar-pit'. This is a machine which responds so agonisingly slowly that it ties up the remote end for hours, days, or perhaps even weeks, hopefully preventing the spammer from moving on and annoying someone else. We transparently proxy all incoming connections from certain troublesome spammers to our teergrube. Usually after a couple of weeks, they realise something is wrong, and reset the connection manually. After a few cycles, they don't bother us for a while.


Caveman Jim, an insane unix admin who doesn't like spam.
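The envelope-stage filtering described in Post 2 (refuse with a 5xx reply before SMTP DATA, hand persistent offenders to the teergrube) together with the recipient limit from Post 1 can be modelled as below. This is an added example, not code from either poster: the address ranges, domains, limit and the `Session`/`run` names are assumptions, and it models the reply logic only, not a network listener.

```python
import ipaddress

# Constructed policy data (documentation address ranges, example domains).
BLOCKED_NETS = [ipaddress.ip_network("203.0.113.0/24")]
BLOCKED_SENDER_DOMAINS = {"bulk.example"}
TARPIT_NETS = [ipaddress.ip_network("198.51.100.0/24")]  # keep retrying after 5xx
MAX_RCPTS = 20  # the "x" in Post 1's rule; tune per organisation

class Session:
    """One inbound SMTP connection; each method returns the server's reply."""
    def __init__(self, peer_ip):
        self.peer = ipaddress.ip_address(peer_ip)
        self.sender = None
        self.rcpts = []

    def route(self):
        """Connect-time decision: proxy listed peers to the tarpit host."""
        return "tarpit" if any(self.peer in n for n in TARPIT_NETS) else "mx"

    def mail_from(self, addr):
        # Both checks use only what is known before any message body is sent.
        if any(self.peer in n for n in BLOCKED_NETS):
            return "550 Connecting host is blocked"
        if addr.rpartition("@")[2].lower() in BLOCKED_SENDER_DOMAINS:
            return "550 Sender domain is blocked"
        self.sender = addr
        return "250 OK"

    def rcpt_to(self, addr):
        if self.sender is None:
            return "503 Need MAIL before RCPT"
        if len(self.rcpts) >= MAX_RCPTS:
            return "550 Too many recipients"  # excess recipients are refused
        self.rcpts.append(addr)
        return "250 OK"

    def data(self):
        if not self.rcpts:
            return "503 Need RCPT before DATA"
        return "354 End data with <CR><LF>.<CR><LF>"

def run(peer_ip, sender, rcpts):
    """Replay a constructed envelope and return the replies in order."""
    s = Session(peer_ip)
    replies = [s.mail_from(sender)]
    replies += [s.rcpt_to(r) for r in rcpts]
    replies.append(s.data())
    return replies
```

Because the refusal happens inside the SMTP dialogue, the sending server is the one left holding the message, and nothing is mailed to a possibly forged return address.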


Corporate Spam

Post 3

Tyrian

Trust a sysadmin to respond to a sysadmin's post!

I like the sound of your teergrube... Must have a word with our security department about getting one.

The comment about not bouncing spam is appreciated. If any of you guys and gals think you get a lot of spam you should try being a postmaster!

I think the best way to deal with spam would be to introduce an international death penalty for spammers to be enforced by tying them to the sub-atlantic internet fibre cables or wiring their heads into a router and passing millions of IP packets through their brains (or other suitable techno deaths). Maybe my job makes my position on this a little biased though....

