3 Evergreen Tips to Help Reduce Spam for Administrators
Written by Paul Mah on December 15, 2010
Last week I wrote about a number of evergreen tips that system administrators and IT managers can practice in order to better protect the email addresses under their charge. The majority of them are proactive in nature, and revolve around a strategy of not divulging one’s email address to spammers.
Today, I want to highlight a few pointers that administrators can implement to reduce the most common spam messages received by their organization in the long term.
1. Implement a centralized spam management solution
A common argument against the implementation of a centralized spam solution is that junk mail filtering functionalities can generally be found in most of the popular email clients, not to mention a number of high-end anti-malware tools. The problem with this line of thinking, unfortunately, is that it conveniently ignores the determination and sophistication of spammers in getting their unsolicited mails delivered.
As it is, the spam filtering capabilities “bundled” into a number of client-side products are two generations behind at best, and only effective in stopping spam sent by the newest of amateurs. A centralized solution, on the other hand, usually comes with the capability of learning from similar spam being sent to other accounts within or outside the organization. Moreover, administrators have a far better “view” of directed attacks, and are hence well-positioned to identify new techniques and tweak the appropriate configuration to defeat them.
Finally, once the infrastructure and configuration for a centralized solution are in place, it can be swapped out for a more effective product should the need arise, or even stacked with others to create a multi-layered approach to spam filtering. Note that the spam management strategy I am advocating here covers either a hosted or an on-site deployment.
2. Disable Open Relays
In the midst of the perpetual battle against spam, it makes sense to ensure that your organization’s servers are not exploited to deliver spam without your knowledge. While open relays should be disabled in a modern email system by default, it is an important enough topic that care should be taken to ensure that there are no configuration mistakes or inadvertent “loopholes.” On the latter, I’ve personally witnessed an email server with open relay disabled sending spam – it was originating from an infected machine on the local network. As such, an even better option would be to configure your email server to require authentication for SMTP.
In the same vein, another method to slow spammers down would be to implement tarpitting, which seeks to delay incoming connections by dramatically throttling network connections. Ed Fisher over at TheEmailAdmin has written a great piece on slowing spammers to a crawl with SMTP tarpitting, which you might want to check out.
3. Consider implementing DNSBL
One of the cheapest methods (computationally speaking, at least) of sieving out spam is to rely on a DNS-based Blackhole List, also known as a DNSBL for short. The idea behind a DNSBL is simplicity itself: senders are automatically blocked based on their source IP address, so an IP address that has been flagged as having been used to propagate spam is automatically rejected. Such lists are maintained by various parties, and the onus is on you to select which one (or which combination of lists) to adopt for your company.
I feel that this approach is both robust and fair, since legitimate businesses will make efforts to ensure that their email servers are not sending out unsolicited emails, or to remove themselves from a list if they end up on one due to a malware or Trojan infection. And because a connection must first be established before spam can be delivered, it is trivial to reject a blacklisted IP address using a proxy even if your email server does not directly support this feature. As such, spam is rejected without the need to even look at it, freeing up precious processing cycles on your email server.
A centralized solution would obviously be required to implement a DNSBL, and adequate care must be taken to handle complaints of either missing or erroneously rejected emails. When used in conjunction with techniques such as tarpitting, a DNSBL should serve to dramatically cut back on spam.
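To make the DNSBL mechanism concrete, here is an added example (not from the original post, and not tied to any particular list) of how a lookup is formed and interpreted: the sender's IPv4 octets are reversed and appended to the list's zone, and a 127.0.0.x A record means "listed", while NXDOMAIN means "not listed". The zone name `dnsbl.example` is a placeholder, and the DNS answers are constructed so the code runs offline; the sanity check follows the RFC 5782 convention that 127.0.0.2 must be listed and 127.0.0.1 must not, which catches a retired or misconfigured list that would otherwise reject all of your mail.

```python
import ipaddress
import socket
from typing import Callable, Optional

DNSBL_ZONE = "dnsbl.example"  # placeholder; use the zone of the list you subscribe to

def dnsbl_query_name(ip: str, zone: str = DNSBL_ZONE) -> str:
    """Build the name a DNSBL lookup queries: octets reversed, zone appended."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    reversed_octets = ".".join(reversed(str(addr).split(".")))
    return f"{reversed_octets}.{zone}"

def is_listed(ip: str, resolve: Callable[[str], Optional[str]], zone: str = DNSBL_ZONE) -> bool:
    """True when the list answers with an A record inside 127.0.0.0/8 (the listing convention)."""
    answer = resolve(dnsbl_query_name(ip, zone))
    if answer is None:  # NXDOMAIN: the sender is not on the list
        return False
    return ipaddress.IPv4Address(answer) in ipaddress.IPv4Network("127.0.0.0/8")

def dnsbl_is_sane(resolve: Callable[[str], Optional[str]], zone: str = DNSBL_ZONE) -> bool:
    """RFC 5782 test entries: 127.0.0.2 must be listed, 127.0.0.1 must never be.
    A zone that answers for everything would fail the second half and must not be used."""
    return is_listed("127.0.0.2", resolve, zone) and not is_listed("127.0.0.1", resolve, zone)

def resolve_with_system_dns(name: str) -> Optional[str]:
    """Real resolver using the host's DNS; returns None on NXDOMAIN or lookup failure."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None

# Constructed answers standing in for DNS so the example runs offline.
CONSTRUCTED_ANSWERS = {
    "2.0.0.127.dnsbl.example": "127.0.0.2",  # RFC 5782 test entry
    "1.2.0.192.dnsbl.example": "127.0.0.4",  # hypothetical listed sender (documentation range)
}

def fake_resolve(name: str) -> Optional[str]:
    return CONSTRUCTED_ANSWERS.get(name)

def fake_resolve_wildcard(name: str) -> Optional[str]:
    return "127.0.0.2"  # a broken list that flags every address, including 127.0.0.1

if __name__ == "__main__":
    for ip in ("192.0.2.1", "198.51.100.7"):
        print(ip, "LISTED" if is_listed(ip, fake_resolve) else "not listed")
    print("healthy list sane:", dnsbl_is_sane(fake_resolve))
    print("wildcard list sane:", dnsbl_is_sane(fake_resolve_wildcard))
```

Run the sanity check periodically, not just at deployment time: a list that stops answering correctly is a mail outage waiting to happen.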
I’ve looked at the server-side methods of spam reduction for today. In next week’s installment, I shall be examining a number of user-centric practices that will help businesses fight spam. Stay tuned and remember to check back.