Catch up on stories from the past week (and beyond) at the Slashdot story archive

 


Forgot your password?
Close
typodupeerror
×
Spam The Internet

Major ISPs Publish Anti-Spam Best Practices 252

Posted by michael from the rules-to-live-by dept.
wayne writes "The ASTA, an alliance of major ISPs, has just published a set of best practices to help fight spam. The list of ISPs include the likes of AOL, Yahoo, MSN/Hotmail, Earthlink and Comcast. The recommendations include such things as limiting port 25 use, rate limiting email, closing redirectors and open relays, and detecting zombies. For details, see the ASTA Statement of Intent (pdf) or any of the ISP's antispam websites."
This discussion has been archived. No new comments can be posted.

Major ISPs Publish Anti-Spam Best Practices More

Major ISPs Publish Anti-Spam Best Practices

Comments Filter:

  • Don't forget SPF (Score:4, Informative)

    by Anonymous Coward on Tuesday June 22, 2004 @02:06PM (#9497375)
    Several large ISPs are backing SPF [pobox.com]. I even noticed my ISP, Verizon, who tend to be quite lazy and stupid when it comes to spam (and other things), have added an SPF record.

  • don't put exchange as the first stop (Score:3, Informative)

    by vg30e ( 779871 ) on Tuesday June 22, 2004 @02:19PM (#9497511)
    Most of exchange problems occur when you have an exchange server being the SMTP gateway. IF I were you, find a product to be the SMTP gateway that doesn't use anything made by Microsoft. There are also serious problems using the IIS SMTP service to talk to exchange. So, in short, get another kind of SMTP gateway to run the SMTP service, and then run Exchange behind it forwarding all mail to your non-microsoft gateway.

  • Re:What about my personal mail server? (Score:2, Informative)

    by forevermore ( 582201 ) on Tuesday June 22, 2004 @02:19PM (#9497515) Homepage
    Unless you need the groupware functionality of Exchange, go with postfix or courier [courier-mta.org]. Then install Spamassassin [spamassassin.org] and Rules du Jour [exit0.us] to keep your spamassassin rules up to date, and a good serverside antivirus program like Clam [sourceforge.net]. Also, configure some blackhole servers (I use dnsbl.sorbs.net, list.dsbl.org, dnsbl.njabl.org and relays.ordb.org).

    And then be prepared to continue filtering out spam (although with my setup, of the 100+ daily messages that would get into my inbox without filtering, I now get about 10, all marked as spam, with the rest getting blocked by the rbl lists and some custom rules).

  • Re:What about my personal mail server? (Score:4, Informative)

    by thedillybar ( 677116 ) on Tuesday June 22, 2004 @02:22PM (#9497556)
    >Is there a guideline that can help me figure out what steps I need to take to harden my mail server?
    Basically don't relay mail for any user who you don't know (either by IP address or by SMTP authentication). Relaying is accepting mail for another domain and passing it on. If the server is the MX server for your domain, you must accept mail addressed to that domain regardless of whether or not you know the sending party.

    >I will be using either Postfix or Microsoft Exchange.
    I use sendmail, and I know that the "default" prevents unauthorized relaying. The latest version of Postfix or Exchange will almost certainly do the same. After you make any configuration changes, just verify that an outside machine can't send mail to another domain.

    Whichever SMTP software you run, I'd recommend joining some comp.mail.* newsgroups.

  • *cough* *cough* (Score:3, Informative)

    by Anonymous Coward on Tuesday June 22, 2004 @02:24PM (#9497582)
    *COUGH* bullshit *COUGH*

    Out of this list of ISPs (AOL, Yahoo, MSN/Hotmail, Earthlink and Comcast), AOL is the ONLY ISP who is actively working in the antispam community - seriously. They've got a single contact for dealing with it and they are keeping their ax sharp and swinging it whenever needed.
    All of those other 'posers are lying thru their teeth. Yahoo, MSN/Hotmail, Earthlink, Comcast? Antispam? They'd choke if they tried to say, "We're antispam". It's sad now that AOL has made a solic effort that they're going to be painted with the same brush as those other spam-havens.

  • Re:Don't forget SPF (Score:1, Informative)

    by Anonymous Coward on Tuesday June 22, 2004 @02:28PM (#9497625)
    AOL has stated they'll be using SPF by August (if not sooner)

  • Re:Penalties (Score:5, Informative)

    by Animats ( 122034 ) on Tuesday June 22, 2004 @02:42PM (#9497770) Homepage
    Exactly. That's what California enacted as law, and what the Direct Marketing Association successfully blocked by pushing the CAN-SPAM act through.

    The California law made the "beneficiary" of the spam responsible for it. And anybody could sue. That would have made hiring a spammer very risky.

    Broadly defining the "beneficiary" could go even further. The credit card service provider, and the bank behind them, could be held responsible for spam if they processed a transaction resulting from spam. They profit from it, after all. A good lawyer could make the case now that they bear some responsibility, especially if they assist in any way in concealing the identity of the spammer.

    We really need to go after the payment end of spam, not the sending end.

  • Re:Don't forget SPF (Score:1, Informative)

    by Anonymous Coward on Tuesday June 22, 2004 @03:02PM (#9498066)
    It breaks the CURRENT method of forwarding, but it doesn't mean there isn't a replacement. If people want to have some idea of who is sending them email, then this needs to be done.

  • Re:Mail admin here, my solution was port 26 (Score:5, Informative)

    by harlows_monkeys ( 106428 ) on Tuesday June 22, 2004 @03:06PM (#9498107) Homepage
    I do run authentication and SSL is on its way, but care explaining why port 587 would be any better than, say, 26?

    Because port 587 is the one specified in the Message Submission RFC (RFC 2476).

  • Re:Best practices,... published? (Score:3, Informative)

    by jkabbe ( 631234 ) on Tuesday June 22, 2004 @03:19PM (#9498249)
    Comcast has indicated they will be doing just that. Other ISPs are beginning to shut down port 25 for everyone. As many times as I have disagreed with Comcast in the past, I like their plan of action this time.

  • SSH Tunnel (Score:2, Informative)

    by santiago ( 42242 ) on Tuesday June 22, 2004 @03:28PM (#9498340)
    I have a command-line alias set up to use SSH port reflection from port 25 on my laptop to port 25 on my server. My mail client is then configured to use localhost as the outgoing mail server. Whenever I need to send email, I just need to enter one command in a terminal window to enable it until I move elsewhere and the connection is broken.

    I used to just run sendmail directly on my PowerBook, but I got too many bounce messages from servers that refuse to accept mail from known dynamically allocated IP ranges, on the assumption that I must be a zombie spammer.

  • Re:limit port 25 (Score:3, Informative)

    by FireFury03 ( 653718 ) <slashdot@NoSPAm.nexusuk.org> on Wednesday June 23, 2004 @05:02AM (#9504684) Homepage
    TFA says clearly that blocking port 25 is a problem for those of us who run our own SMTP servers (and no I won't be forwarding through my ISP's smarthost - it's pointless, adds another point of failure and like I trust an ISP to make services work right :). The article also says that ISPs must accommodate these people by allowing people to unblock port 25 if they have a legit use for it. IMHO the document is very well written - when I downloaded it I was expecting to see a "block everything except web" type overreaction and was pleasantly supprised.

Slashdot Top Deals

The Tao is like a glob pattern: used but never used up. It is like the extern void: filled with infinite possibilities.

Close