How to Stay Off the List
Minimizing Spam; Avoiding the Blacklist
Ben Franklin is credited with the adage, “Clean your finger before you point at my spots.” Regarding spam and your blacklisted server, this means that as you work to get your server off of the Comcast blacklist, you should put as much effort into making sure that it does not end up on the blacklist again. There are several simple steps that you can take now to minimize the amount of spam that is generated by or passes through your server.
1. If you are a web host, identify hosting accounts that are being used to send unsolicited commercial email and eliminate them. You are doing a disservice to the other “law-abiding” accounts on your server by harboring the offender.
2. Is your server’s DNS info configured correctly, especially the reverse DNS? RFC 1912, section 2.1, says you should have a reverse DNS entry for all your mail servers. A correctly configured reverse DNS entry associates a domain with an IP, making it easier to identify spammers; that’s why spammers usually do not employ reverse DNS. Comcast’s mail servers will not accept mail from yours if it has no reverse DNS entry. (Check here) (This is not a block, per se, but a configuration standard. Correct this issue and Comcast mail servers will begin receiving your email.)
3. Is your server listed on the Spamhaus SBL/XBL (blacklists)? The Spamhaus SBL/XBL is a list of mail providers that Spamhaus has detected sending spam. Comcast uses this list to protect its subscribers from receiving spam. (Comcast is known to employ Symantec’s Brightmail spam filter and blacklist. It is not known if Comcast currently uses Spamhaus; however, it has in the past.) (Check Spamhaus here)
4. Eliminate “catch-all” addresses; adopt a policy prohibiting catch-all addresses or, at least, catch-all addresses that forward to a mailbox not on your server.
The default or catch-all address is a way to forward any email sent to a particular domain to another mailbox. It is an effective way to make sure that a domain owner receives all email sent to the domain, even messages addressed to misspelled user names.
With greater frequency, however, spammers “spoof” or forge your hosting clients’ domains to send spam. As you know, spammers will send their junk to tens of thousands of addresses from [anything]@thespoofeddomain.com. The bounces from invalid target addresses come back to the spoofed domain. If the catch-all address is enabled, the bounces are forwarded to the end mailbox. The bounced messages usually include the original spam so, to the mail server hosting the end mailbox, all of those messages look like spam from your server.
It appears that spammers will spoof several domains from the same server at once. If a significant number of your hosting clients have their catch-all enabled to forward to their actual Comcast mailbox, the Comcast mail servers could be hit with a flood of messages resembling spam and coming from your server.
Encourage your hosting clients to pick up mail from your server rather than forward to an outside mailbox. If you choose to allow catch-all mail handling, encourage your clients who are also Comcast customers to forward their mail first to a Gmail account, which can then be configured to forward to the Comcast mailbox. Not only will Comcast always accept mail from such a large service, but Gmail has a great spam filter which will catch most of the spoofed spam.
5. Consider installing a Sender Policy Framework (SPF) record for your server and/or individual accounts. An SPF record associates a domain with specific sending mail servers, making it much more difficult for spammers to “spoof” or forge your clients’ domains. (OpenSPF site)
6. Is your site/domain hosted on a shared hosting server with hundreds or even thousands of other sites? It is almost like sharing a toothbrush with a thousand strangers: you may be “clean” but you never know what you’re going to catch!
Accounts in a shared hosting environment share the same IP or IP range. If you share the server with a spammer, your ability to send and receive mail can be negatively impacted by his activities, even if you do nothing wrong. If your host has a high tolerance for spammers or terrible support, your site may be blacklisted for weeks.
- Choose your hosting company wisely. Avoid discount hosts;
- Consider a Virtual Dedicated Server (VDS) or a dedicated server. The cost will be higher, but you minimize the problems associated with sharing a server. On a VDS, your site will be one of three to six; on a dedicated server, it’s just you.
7. 10/17/08: A reader has reported that Comcast is now offering the ability to subscribe to their feedback loop to callers to “Voicemail Hell.” The feedback loop sends you an email any time that a Comcast subscriber reports an email originating or passing through your server as spam. Because Comcast redacts their subscriber’s email address from the notice, it is almost impossible to track the email’s path through your server. We have found little value in the feedback loop, but subscribe anyway.
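The checks from steps 2 and 3 can be scripted. The following is an added example, not part of the original article: it verifies forward-confirmed reverse DNS for a mail server IP and looks the IP up in a DNS blacklist. The zone name zen.spamhaus.org and the return-code mapping are assumptions taken from Spamhaus's public documentation, not from this page; the function names are hypothetical.

```python
import ipaddress
import socket

# Assumption: zen.spamhaus.org is Spamhaus's combined zone (includes SBL and XBL).
DNSBL_ZONE = "zen.spamhaus.org"

def dnsbl_query_name(ip, zone=DNSBL_ZONE):
    """DNSBL lookup name for an IPv4 address: reversed octets + zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def classify_dnsbl_answer(addresses):
    """Map A-record answers to list names (assumed Spamhaus return codes)."""
    lists = set()
    for addr in addresses:
        last = int(addr.split(".")[-1])
        if addr.startswith("127.255.255."):
            lists.add("ERROR")  # query problem (e.g. public resolver), not a listing
        elif last in (2, 3, 9):
            lists.add("SBL")
        elif 4 <= last <= 7:
            lists.add("XBL")
        elif last in (10, 11):
            lists.add("PBL")
    return sorted(lists)

def check_dnsbl(ip, resolve=None):
    """Return the lists an IP appears on; a failed lookup (NXDOMAIN) means none."""
    resolve = resolve or (lambda name: socket.gethostbyname_ex(name)[2])
    try:
        return classify_dnsbl_answer(resolve(dnsbl_query_name(ip)))
    except OSError:
        return []

def check_fcrdns(ip, reverse=None, forward=None):
    """Forward-confirmed reverse DNS: PTR exists and resolves back to ip."""
    reverse = reverse or (lambda addr: socket.gethostbyaddr(addr)[0])
    forward = forward or (lambda host: socket.gethostbyname_ex(host)[2])
    try:
        host = reverse(ip)
    except OSError:
        return (None, "no PTR record")
    try:
        addrs = forward(host)
    except OSError:
        return (host, "PTR name does not resolve")
    return (host, "ok" if ip in addrs else "PTR name resolves elsewhere")
```

Call `check_fcrdns("your.server.ip")` and `check_dnsbl("your.server.ip")` from the mail server itself; an `ERROR` result means the blacklist refused the query, so repeat it through your own resolver before concluding anything.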
[This article is constantly under development. We welcome your suggestions for improvement.]
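To illustrate step 5, here is an added example (not from the original article) of how a receiving server reads an SPF record to decide whether a sending IP is authorized for a domain. It evaluates only the `ip4`, `ip6` and `all` mechanisms; mechanisms that need DNS lookups are reported rather than guessed. The records and addresses used with it are constructed, and the function names are hypothetical.

```python
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def parse_spf(record):
    """Split an SPF TXT record into (result, mechanism, value) terms."""
    parts = record.split()
    if not parts or parts[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    terms = []
    for term in parts[1:]:
        if "=" in term:  # modifier (redirect=, exp=), not evaluated here
            continue
        qual = term[0] if term[0] in QUALIFIERS else "+"
        body = term.lstrip("+-~?")
        name, _, value = body.partition(":")
        terms.append((QUALIFIERS[qual], name.lower(), value))
    return terms

def evaluate(record, sender_ip):
    """SPF result for sender_ip, terms checked left to right as a receiver does."""
    ip = ipaddress.ip_address(sender_ip)
    for result, name, value in parse_spf(record):
        if name == "all":
            return result
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            if ip.version == net.version and ip in net:
                return result
        else:
            # a, mx, include, exists and ptr require DNS; stop instead of guessing
            return "needs-dns:" + name
    return "neutral"  # nothing matched and no "all" term (RFC 7208 default)
```

With the constructed record `v=spf1 ip4:192.0.2.0/28 -all`, mail from 192.0.2.5 evaluates to `pass`, while a spoofer sending from 203.0.113.9 gets `fail`; ending the record in `~all` instead yields `softfail`, which many receivers accept and merely flag.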