Forwarding Spam

[TheCursedONe]

Hi,

I thought the best place to ask this question might be an anti-spam forum, so I figured I'd ask it here.

First of all I am committed to fighting spam. Hate it. I am a mail-server administrator and I have increased our spam filtering so that we filter about 96% of spam.

Recently I found my server IP on AT&Ts internal blacklist and didn't know why. My server is clean of viruses and I do not allow open relaying. Nobody on my server is sending bulk mail. So I read on AT&Ts anti-spam site and saw that they recommend that I spam-filter email that is forwarded from my server to other servers (i.e. if I have xxx[at]mydomain.com which is setup to forward to xxx[at]yahoo.com), which is something I do not do. Nor does it make any sense IMO for me to do it. Why should I spam filter email that is not to be delivered on my server - wasting my server resources?

I wanted to get other people's opinions on this and see what would generally be considered as best practice concerning this. Is AT&T being too paranoid/picky? (Like GoDaddy - which apparently automatically spam-blocks entire IP blocks) or is it generally considered to be standard practice that email that is forwarded should be spam-filtered.

[Miss Betsy]

I am not a server admin, nor am technically fluent so I am not going to be any help to you. But I will be interested to see what answers you get.

IIUC, ATT wants you to filter out the spam for them. Maybe it's because they are cheap. Maybe because it is harder to filter spam when it has been forwarded?

I don't know how you are filtering spam. ISTM, that mail to your customer should be filtered for spam before it gets forwarded anyway if you are filtering for spam, but with my lack of technical expertise I have no idea whether that's realistic. Also, I think it is becoming popular to scan all outgoing email for spam - which causes no end of complications with spamcop reports and also a lot of lost good mail. Perhaps that's what you are lacking from ATT's viewpoint.

As I said, I am looking forward to answers from other server admins. If you don't get much response here, the spamcop ng would be another place to post.

Miss Betsy

[rconner]

(...snip...)

Recently I found my server IP on AT&Ts internal blacklist and didn't know why. My server is clean of viruses and I do not allow open relaying. Nobody on my server is sending bulk mail. So I read on AT&Ts anti-spam site and saw that they recommend that I spam-filter email that is forwarded from my server to other servers (i.e. if I have xxx[at]mydomain.com which is setup to forward to xxx[at]yahoo.com), which is something I do not do. Nor does it make any sense IMO for me to do it. Why should I spam filter email that is not to be delivered on my server - wasting my server resources?

Not quite sure I understand your situation, so here are some questions to chew on:

• What sort of mail servers do you run (i.e., MTA, MDA)? You have said that you don't do open relaying -- then, what exactly is the nature of the services you provide?
  
• Are you running these services on behalf of other users (i.e., your customers or subscribers)? If so, how do they get to your servers (e.g., using an MUA within a closed IP net, via webmail, etc.)?
  
• What is your relationship with AT&T and why would they be interested in the activities of your server? Are you buying bandwidth or service from them, or are you just relaying mail that has been addressed to their users?
  
• Did AT&T say specifically why you are on their "internal blacklist" (e.g., for sending spam to their users, or else through their facilities)?
  
• What has led you to conclude that no one is sending bulk mail through your server? Have you checked your server's outgoing logs and do they give any evidence for (or against) spam from your operations?
  
• When you say that you are being asked to "spam-filter e-mail that is forwarded from [your] server to other servers," what does this mean? What kinds of users or servers are forwarding mail to you, and to what other kinds of servers do you forward to?
  
• What do you mean when you say that mail is "not delivered on [your] server?"
  

-- rick