DER Management

October 17, 2006

SPAM Control at the Mail Server

Filed under: MTA, SPAM, Security, email — daver @ 6:39 am

I recently offered some commentary on controlling SPAM at the mail server that I felt was worth sharing. This feedback was provided to a user whose mail server was under nearly perpetual attack from name harvesting and other issues.

Doing reverse lookups of REPLY-TO or FROM addresses against MX records or DNS for assurance that a sender is legitimate is a dicey business, particularly since headers are so easily written to say anything - for legitimate reasons or otherwise.

Also, it’s quite possible a host is serving email for multiple domains. For sender validation, this creates complexity. We might find that an MX check identifies an IP address that does not match the expected hostname via reverse DNS lookup. One could find this a very unsatisfying means of “authenticating” senders, depending on how strictly this “validation technique” is applied.

If you are not already doing so, you SHOULD consider using Spamhaus (irrespective of pending litigation) as an RBL/SBL filter against connections to your server in the first place. If you find another xBL list to trust, that’s fine, but use something! The easiest way to prevent spam is to refuse to listen to it. Easier said than done, yes, but I would advocate this approach if it suits your goals.

I would NOT worry about preventing name harvesting if your spam filters are working and learning. This is a personal opinion that would probably be overruled by “best practices”, but my view is that you can exhaust yourself trying to fine-tune a system to be “spam free”, until the spammers change tactics and you’re taking it in again. My belief is that unless you are taking on many new user accounts every week/month, it’s quite likely that the horse is already out of the barn with regard to your domain(s) being profiled for valid email addresses.

I prefer to be as efficient as possible in processing mail and getting it off/through my system as quickly as possible. Yes, that means users sometimes see spam, but I minimize the impact a spam run will have (in theory…)

Big payoffs come from continually educating the users to avoid common traps:
- Careful use of unsubscribe links: some are authentic, others exist only to harvest addresses. If they can’t tell the difference, don’t use it.
- Not subscribing to or posting to “lists” through their email address unless necessary.
- Not sharing their email address with brokers of things like mortgages, insurance, etc. Often their privacy policies allow selling/leasing information to 3rd parties for business or related contact.
- Avoiding chain letter emails.
- Avoiding responding to spam.
- Avoiding posting their email address in unscrambled form.
- And so on.

Sometimes it’s tough to undo their past mistakes, but the users need to understand that they have a role in managing their own exposure.
