Request for Comments: Spam Blocking
The spam situation is getting worse. Thousands of spams now find their way into the mailboxes on my server each and every day. Each client of mine receives SpamAssassin, a tool that helps filter those messages out of the main inbox, but the messages keep coming. Bandwidth is still wasted and spammers realize that the messages are being delivered (at least, by most appearances).
I'm thinking about adding SMTP-level filtering that would follow blacklists and block mail accordingly from known spammers. Presuming I'd do this, I'd try to go with the list(s) that seemed to have the least amount of false positives. However, anytime one uses a blacklist some legitimate traffic may be blocked.
Now, some of you who read my blog are hosted by ServerForest, at least a few others have inquired about my services and virtually all of you have some kind of web hosting account. Here's the question: does you present server (if you aren't on my server) use blacklisting and if so, how do you like it? If you aren't presently on a server with blacklisting, do you wish you were? Would you object to being on one with blacklisting? Would it change your view positively/negatively concerning ServerForest if we used blacklists?
Sorry to use y'all as a focus group, but I figured I should confront this issue, and I knew I'd get some good opinions on my blog. I've actually received a request from one client to implement this, and I was sort of thinking about it anyway.
In other news, I need to implement a password protected section to this blog. There are some interesting server security-related things I'd like to post about, but for the obvious reasons, it is advantageous not to post such publicly. Maybe I'll do that in a few weeks.
Join the Conversation
RE: Request for Comments: Spam Blocking
I’m not currently on a server with server-level blacklisting. Between SpamAssassin and Outlook’s own junkmail filters, I only receive 3-7 spam messages per week for 4 domains combined. It’s working for me, so I don’t worry about it too much from and end-user perspective.
From a server-admin perspective, the spam is still a problem. I’m still using my resources to scan and sort all that junk. At HM, we implemented server-level filtering based on blacklists and saw a significant decrease in server load. It made a huge impact. However, some legitimate mail was being blocked - mostly from yahoo users or people on rinky dink ISPs who don’t care about spam. Relative to the total number of users we had, the false hits were miniscule, but they were there.
RE: Request for Comments: Spam Blocking
Yes, I think the server has some kind of spam protection, but I usually get it through another mail account, which filters the content again. At least I think it is, because I haven’t got very much spam yet
RE: Request for Comments: Spam Blocking
Do it! The inconvenience of occassionally lost email is worth throwing your weight behind the only true solution. We do this here at the college and have had to whitelist a couple of comcast addresses, but life goes on. Spamassassin seems to be less effective lately, though maybe I just don’t realize how much it really catches compared to what gets through.
It might be useful to get a report daily of the messages blocked to the domain admin for review, perhaps with limited headers.
A little sanity checking by those domain admins can go a long way. A tool like tenshi ( http://www.gentoo.org/proj/en/infrastructure/tenshi/ ) might automate the review of the logs and send a report for you. I’ve been eyeing tenshi up but haven’t put it to use yet.
I think that this is much more likely to be manageable for ServerForest than it would be for AOL or Microsoft.
RE: Request for Comments: Spam Blocking
Do it! I recommend Steve Linford’s Spamhaus list. There are others. I would be a bit hesitant to use SPEWS because they are so unresponsive, and at times irresponsible. My own ISP here in Texas uses a Win-based tool called Declude. It works okay. Most of my spam comes to free accounts I have elsewhere.
RE: Request for Comments: Spam Blocking
This sounds overwhelmingly positive. I will do it then.
Kevin: that’s interesting to know — I’ve noticed my CPU workload from exim has been going up lately, I would imagine because of all this spam. sigh
Flip: Sounds like a good method to me.
Josiah: What blacklist do you use?
Ed: I’ll check into that, thanks! I’ll see about implementing this tomorrow, I think.