
How to be a responsible email service provider?


colin_zr


I work for a company offering a spam-filtering service. As part of our service we offer spam-filtered webmail accounts. Ironically, we've recently found our webmail service being used by spammers to manually send out scam emails. A few days ago we got blacklisted by Spamcop because of this. While we will happily delete an account as soon as we know that it's being used to send spam, we can't guarantee that no spam will leave our system since we don't know that someone is a spammer until after the spam has been sent.

Given that we're in this position, what can we do to prevent ourselves getting listed in Spamcop?


There is no way to guarantee it. Like you said, a spammer signed up for your service. You did the correct thing and removed their account, and you will drop from the list 48 hours after the last spam report.

If there were no blocklists or spam filters or router deny tables and email flowed without being stopped then the spam problem would be much worse than its already devastating amount.

The spammers have just about ruined email as a communication tool because of their greed and lack of concern for anyone but themselves. There has to be a way to stop this nonsense.

I think you would agree with me that everyone is tired of receiving mortgage quotes, penis enlargement, breast enhancement, weight loss, nude 40 year old teenage sluts, Viagra, vacation, lottery, prescription drug, business opportunities, genealogical, university degrees, gambling, get rich quick, MLM, pyramid schemes, Web Cams, Russian brides, work from home, stock scams, pirated software and everything else that is force fed into our inboxes.

Spammers have spoiled it for everyone and this is just the beginning of a new era for email.


That sounds fair enough. Speaking personally, I'm not a big fan of IP blacklists in general -- I find them to be a rather blunt instrument. But I'm not going to argue against their use here.

But let me ask another question: A company like Hotmail must send thousands of emails every day. And it's a free service, so presumably spammers use them in the same way that they use us, only on a far larger scale. I'd guess that people would be reporting them constantly. How would a service like Hotmail manage to keep itself out of the blacklists?


Believe it or not, very little spam comes from Hotmail. People know that if they spam from Hotmail their account will not just be terminated but they will surely have their day in court and the outcome will not be something to be happy about.

For many smaller ISPs it is very hard to find the funds to pursue spam abuse at such lengths, and they just end up cancelling the spammers' accounts. The spammer is happy and moves to another unsuspecting small ISP.


That sounds fair enough. Speaking personally, I'm not a big fan of IP blacklists in general -- I find them to be a rather blunt instrument. But I'm not going to argue against their use here.

But let me ask another question: A company like Hotmail must send thousands of emails every day. And it's a free service, so presumably spammers use them in the same way that they use us, only on a far larger scale. I'd guess that people would be reporting them constantly. How would a service like Hotmail manage to keep itself out of the blacklists?

There is also the issue of volume. There appears to be a function in the SpamCop listing algorithm that weighted complaints vs overall volume of mail. The more mail that is sent (and not complained about), the less weight any one complaint has.


I believe also that Hotmail limits the number of emails that can be sent and will stop a person from sending more than that number.

There are other ways that ISPs control spam from their systems, but since I am not an admin, I don't know the technical terms.

However, even the whitest hats sometimes have a spammer slip by. The way that they don't get listed is by responding immediately to the spamcop report. (Or at least the listing is not as long) There are ways to get the spamcop reports directly to you.

The advantage of the spamcop bl is that it responds immediately to a spam run which allows those who use it to filter spam to prevent spam from getting to their users and also, notifies the ISP so that they can stop it (sometimes in the middle of the run).

I don't quite know how the Bonded Sender program works that Iron Port runs - you sign up with them, post a bond, and if you let a spammer slip by, you lose part of the bond. They probably will tell you ways to prevent that happening.

Miss Betsy


Given that we're in this position, what can we do to prevent ourselves getting listed in Spamcop?

1. Record the IP of the sender in the Received header that should be recorded when your customers send an email. The parser should automatically list your customer's IP instead of yours. Depending on the circumstances you may need to work with a SpamCop Deputy to get your server recognized as a legitimate relay.

2. Make sure your server(s) DNS resolves both forward and reverse. The parser is less likely to 'trip' if it doesn't 'sense' bogosity. This will also help prevent rejections by mail servers that won't accept email coming from IPs whose DNS doesn't resolve.

3. Consider limiting the number of emails an account can send per message, per hour, per day. If you get (or have) customers who legitimately need more than the limit then grant them an exception once you've ensured that their outgoing emails won't be spam.


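An added sketch of the limits suggested in point 3 above; it is not part of the original post or any poster's code. The numeric limits, the choice to count recipients, and the `OutboundLimiter` name are assumptions.

```python
from collections import defaultdict, deque

# Assumed limits; the post names the three dimensions but gives no numbers.
MAX_RCPT_PER_MESSAGE = 20
MAX_RCPT_PER_HOUR = 100
MAX_RCPT_PER_DAY = 300
HOUR, DAY = 3600, 86400


class OutboundLimiter:
    """Sliding-window recipient limits per webmail account (hypothetical helper)."""

    def __init__(self, exempt=()):
        self.exempt = set(exempt)        # accounts vetted and granted an exception
        self.sent = defaultdict(deque)   # account -> deque of (timestamp, recipients)

    def _count_since(self, account, cutoff):
        return sum(n for ts, n in self.sent[account] if ts > cutoff)

    def check(self, account, rcpt_count, now):
        """Return (allowed, reason); the send is recorded only when allowed."""
        if account in self.exempt:
            return True, "exempt"
        if rcpt_count > MAX_RCPT_PER_MESSAGE:
            return False, "per-message limit"
        log = self.sent[account]
        while log and log[0][0] <= now - DAY:   # drop entries older than a day
            log.popleft()
        if self._count_since(account, now - HOUR) + rcpt_count > MAX_RCPT_PER_HOUR:
            return False, "hourly limit"
        if self._count_since(account, now - DAY) + rcpt_count > MAX_RCPT_PER_DAY:
            return False, "daily limit"
        log.append((now, rcpt_count))
        return True, "ok"
```

A refusal with reason "hourly limit" or "daily limit" is also a useful signal for the abuse desk, since a legitimate webmail user rarely reaches either.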
Given that we're in this position, what can we do to prevent ourselves getting listed in Spamcop?

What you really want to make sure is that you are not in other DNSbls. Spamcop.net's is one of the easiest ones to get off of.

You will want to get familiar with what the major DNSbls operators are, and what they list.

Pay particular attention to the ones that list open proxies.

Set up a program on your abuse e-mail address to scan incoming messages for the headers of messages that have your I.P. address in them. Use that to locate the I.P. address that your server accepted the e-mail from. Your private tags can be used to block that I.P. address from sending more mail until you can investigate.

Do not look for your private tags and assume that since they are not there that the spam did not originate from your network. Spammers will use any security hole or misconfiguration to send their spew.

The reports from spamcop.net and other testing services will be in a standard form which a program reading your abuse address can read and prioritize.

Now back to the major DNSbls operators. Check the I.P. address of posters that are connecting to the web form to send e-mail. You will not want to accept an e-mail posting from any e-mail address that is listed as an open proxy or otherwise compromised. Any mail you get from these is almost totally guaranteed to be spam.

You will also not want to accept e-mail from any I.P. range that appears to be controlled by a spammer.

A check of an I.P. address against the sbl-xbl.spamhaus.org dnsbl will check for two conservative open-proxy/compromised computer lists, and a conservative list of I.P.s controlled by spammers.

If you read the FAQ at the njabl.org service, you will find that they have a setup that will allow the submission of every I.P. address that wants to send an e-mail from your service for being an open proxy. If you rate limit untrusted I.P. addresses, the test may be complete before many e-mails are sent.

You may not like the DNSbls, but they are the only thing that seems to keep ISPs looking at their abuse e-mail. And you can use them to keep the spammers out of your system.

-John

Personal Opinion Only


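An added sketch of the two checks described in the post above: reading a reported message's Received headers to find the address your server accepted it from, and testing an address against a DNSBL. It is not code from the original post. `OUR_IP`, the function names and the sample headers are assumptions or constructed; the zone is the one the post names, so substitute whatever zone your DNSBL operator currently publishes.

```python
import email
import ipaddress
import re
import socket

OUR_IP = "192.0.2.10"                # assumption: our outbound mail server's IP
DNSBL_ZONE = "sbl-xbl.spamhaus.org"  # zone named in the post above
BRACKET_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Constructed abuse-report headers (documentation IP ranges, not real traffic).
SAMPLE = (
    "Received: from webmail.example.net (webmail.example.net [192.0.2.10])\n"
    "\tby mx.recipient.example with ESMTP; Mon, 1 Jan 2024 10:00:05 +0000\n"
    "Received: from user-pc ([203.0.113.45])\n"
    "\tby webmail.example.net with HTTP; Mon, 1 Jan 2024 10:00:01 +0000\n"
    "Received: from forged.example ([198.51.100.99])\n"
    "\tby relay.forged.example; Sun, 31 Dec 2023 09:00:00 +0000\n"
    "Subject: constructed sample\n\nbody\n"
)

def from_clause_ips(received):
    """IPs in the 'from ...' part of one Received header (before 'by')."""
    return BRACKET_IP.findall(re.split(r"\s+by\s+", received, maxsplit=1)[0])

def submitter_ip(raw_message, our_ip=OUR_IP):
    """IP our server accepted the reported mail from, or None if it never
    passed through us. Headers below our own hop are sender-supplied."""
    hops = email.message_from_string(raw_message).get_all("Received") or []
    for handoff, ours in zip(hops, hops[1:]):
        if our_ip in from_clause_ips(handoff):  # recipient saw our IP connect
            ips = from_clause_ips(ours)         # next hop down is our own stamp
            return ips[0] if ips else None
    return None

def dnsbl_name(ip, zone=DNSBL_ZONE):
    """DNSBL query name: IPv4 octets reversed, then the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def is_listed(ip, resolve=socket.gethostbyname):
    """True when the zone answers with a 127.0.0.x listing code."""
    try:
        return resolve(dnsbl_name(ip)).startswith("127.0.0.")
    except socket.gaierror:  # NXDOMAIN: not listed
        return False
```

Only the hop stamped by the receiving site and the one stamped by your own server are trustworthy here; anything lower in the chain was supplied by the sender, which is why the sketch ignores it.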
Archived

This topic is now archived and is closed to further replies.
