Slashdot Mirror
Major ISPs Publish Anti-Spam Best Practices
wayne writes "The ASTA, an alliance of major ISPs, has just published a set of best practices to help fight spam. The list of ISPs include the likes of AOL, Yahoo, MSN/Hotmail, Earthlink and Comcast. The recommendations include such things as limiting port 25 use, rate limiting email, closing redirectors and open relays, and detecting zombies. For details, see the ASTA Statement of Intent (pdf) or any of the ISP's antispam websites."
And just like all crime, all we can do is fight back. We either find the weakness ourselves and fix it, or we find out that a criminal (spammer) found a weakness and we fix it. To sit and do nothing would be really bad (imagine windows XP with all the flaws dating back to windows 3.1) :)
I mod down so you can mod up. Your welcome.
I'd be very happy if everyone could get their act together and reject undeliverable addresses during the SMTP transaction. Delayed bounces are responsible for most of the backscatter which pollutes my mailboxes and logs these days.
Qmail, I'm looking at you. People who don't run something like LDAP on their secondary MXs, I'm looking at you.
I'm almost to the point of blocking the null sender from certain hosts, just because they are nothing but crap. I know all about the RFC (and rfc-ignorant.org), but they're causing a serious problem for the rest of the world.
The worst part is for people who run control panels like Plesk. They have to run qmail (no choice in the matter), and so they either become a delayed bounce source, or they enable the catchall and get to suck down all that mail. They can't win.
just like we should not publish our source code because then hackers will find exploits, right?
-ninjaneer
best practices to help fight spam. The list of ISPs include the likes of AOL, Yahoo, MSN/Hotmail, Earthlink and Comcast.
Something that would really help is for these big companies to protect their own domain names by going after anyone who forges the headers as such. These days if someone isn't already in my whitelist they are probably going to get caught in my spam filters if they use any of these domain names.
Under most circumstances I think it is a bad thing for a company to throw lawyers at someone until there is nothing left but a smoking hole in the ground, but I think I would make an exception for spammers. These companies not only have the resources to make spamming unprofitable, but they have a valid, and vested interest to do so.
Howdy Doodly Doo!
Anybody want some Toast?
As a mail administrator for a medium size company I've had to deal with residential broadband ISPs blocking access to port 25 a lot lately. It was a headache explaining to employees that work at home, at the office, and at customer sites, that they must change their outgoing SMTP setting in Outlook depending on their location. This is a true PITA as lots of times your not supplied with that information (or at least it is not obvious to the non-technical people), for example, internet access in hotel rooms.
For a while the quick and dirty solution was to use webmail when in doubt but we needed something that people could live with and as much as I dislike M$ Outlook its a lot better than Horde, Neo, or Sruirrel Mail (IMO).
My 80% solution now is to handle SMTP on both ports 25 and, hehe, 26. So far so good, I'm able to go between the office and home on my laptop with no problems where as before Cox Cable wouldnt let me get to our SMTP server.
I'm wondering what other admins have had to do in this situation. I know I'm not alone here. And how do you think it will effect the propogation of spam in the future.
Im dreaming ofa big bndwdth, That can resist the
Attacking the source of the money--that, I believe, is the only way to kill spam.
That's why I run Unsolicited Commando. It fills the inboxes of companies that pay for spam with spurious form fill-outs. I guess it's kind of like giving them a taste of their own medicine.
Help find a cure for cancer. Join the [H]orde