News from PANUG - May 29, 2001
http://www.panug.org
info@panug.org

SPAMMING THROUGH THE BACK DOOR
by Ed Sawicki

Many of us have put a lot of effort into reducing spam mail.
We create white and black lists of IP and email addresses,
check email headers for telltale words or terms, and we
use RBLs (Realtime Blackhole Lists) to take advantage of the
community effort that has gone into identifying spam sites.

However, the spammers are just as clever as we are. They've
learned how to get around our defenses. Their latest tactic
is to send their spam to our backup mail servers. For many of
us, our backup mail servers are run by our ISP. Most ISPs
don't do spam suppression. They don't maintain black and white
lists. They don't scan email headers. Many don't use RBLs.

When spam is sent to our backup mail server and it is forwarded
to our primary mail server, what do we do?

We certainly don't want to put our backup mail server in our
black list. The challenges of blocking spam that is relayed via
a non-spam site are considerable. What you need is a backup mail
server that implements spam suppression just like you do.

This can be accomplished in two ways:

1. Cooperative relationships between organizations. Two companies,
for example, agree to be each other's mail backup. Each company's
primary mail server is the backup mail server for the other
company. This requires expertise in spam suppression at both
companies.

2. An e-mail service where people with the needed expertise care
for your email needs. This includes spam suppression, virus
scanning, attachment handling, mail archiving, etc. I'll be telling you
more about this in another article soon.
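
The relay problem described above, as an added example that is not part
of the original article: when mail arrives from the backup mail server,
a primary server can still apply its black list by looking one hop past
the trusted relay. The addresses, the list contents, and the Received
header layout ("from helo (rdns [ip]) by host") are assumptions
constructed for this sketch.

```python
import ipaddress
import re
from email import message_from_string

# Assumed values, constructed for this example.
TRUSTED_RELAYS = {ipaddress.ip_address("192.0.2.25")}  # the ISP's backup MX
BLACKLIST = [ipaddress.ip_network("203.0.113.0/24")]   # local black list
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def originating_ip(raw_message):
    """Walk Received headers newest first; return the first client IP that
    is not one of our trusted relays, or None if a header cannot be parsed."""
    msg = message_from_string(raw_message)
    for header in msg.get_all("Received", []):
        # Unfold the header and keep only the "from ..." clause.
        from_part = " ".join(header.split()).split(" by ", 1)[0]
        found = BRACKETED_IP.findall(from_part)
        try:
            ip = ipaddress.ip_address(found[-1])
        except (IndexError, ValueError):
            return None  # stop here: headers further down may be forged
        if ip not in TRUSTED_RELAYS:
            return ip    # everything below this hop is sender-controlled
    return None

def verdict(raw_message):
    """Apply the local black list to the originating IP, not the relay's."""
    ip = originating_ip(raw_message)
    if ip is not None and any(ip in net for net in BLACKLIST):
        return "reject"
    return "accept"

# Constructed sample: spam handed to the backup MX, then forwarded to us.
# The third Received line is a forgery inserted by the sender.
SAMPLE = """\
Received: from backup-mx.isp.example (backup-mx.isp.example [192.0.2.25])
\tby mail.example.org with ESMTP; Tue, 29 May 2001 10:02:11 -0700
Received: from bulk.example.net (unknown [203.0.113.77])
\tby backup-mx.isp.example with SMTP; Tue, 29 May 2001 10:01:58 -0700
Received: from friendly.example.com (friendly.example.com [198.51.100.9])
\tby bulk.example.net; Tue, 29 May 2001 09:59:00 -0700
From: offers@bulk.example.net
Subject: constructed sample

body
"""

if __name__ == "__main__":
    print(originating_ip(SAMPLE), verdict(SAMPLE))
```

Only the Received lines written by your own server and by the trusted
relay are believed; the walk stops at the first untrusted hop, so the
forged third line never influences the result.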