Major ISPs Publish Anti-Spam Best Practices

wayne writes "The ASTA, an alliance of major ISPs, has just published a set of best practices to help fight spam. The list of ISPs include the likes of AOL, Yahoo, MSN/Hotmail, Earthlink and Comcast. The recommendations include such things as limiting port 25 use, rate limiting email, closing redirectors and open relays, and detecting zombies. For details, see the ASTA Statement of Intent (pdf) or any of the ISP's antispam websites."

Don't forget SPF

Several large ISPs are backing SPF. I even noticed my ISP, Verizon, who tend to be quite lazy and stupid when it comes to spam (and other things), have added an SPF record.

Re:Penalties

[Animats]

Exactly. That's what California enacted as law, and what the Direct Marketing Association successfully blocked by pushing the CAN-SPAM act through.

The California law made the "beneficiary" of the spam responsible for it. And anybody could sue. That would have made hiring a spammer very risky.

Broadly defining the "beneficiary" could go even further. The credit card service provider, and the bank behind them, could be held responsible for spam if they processed a transaction resulting from spam. They profit from it, after all. A good lawyer could make the case now that they bear some responsibility, especially if they assist in any way in concealing the identity of the spammer.

We really need to go after the payment end of spam, not the sending end.

Re:Mail admin here, my solution was port 26

[harlows_monkeys]

I do run authentication and SSL is on its way, but care explaining why port 587 would be any better than, say, 26?

Because port 587 is the one specified in the Message Submission RFC (RFC 2476).