Major ISPs Publish Anti-Spam Best Practices
wayne writes "The ASTA, an alliance of major ISPs, has just published a set of best practices to help fight spam. The list of ISPs includes the likes of AOL, Yahoo, MSN/Hotmail, Earthlink and Comcast. The recommendations include such things as limiting port 25 use, rate limiting email, closing redirectors and open relays, and detecting zombies. For details, see the ASTA Statement of Intent (pdf) or any of the ISPs' antispam websites."
Don't forget SPF (Score:4, Informative)
press release on yahoo gives more info (Score:3, Informative)
don't put exchange as the first stop (Score:3, Informative)
Re:What about my personal mail server? (Score:2, Informative)
And then be prepared to continue filtering out spam (although with my setup, of the 100+ daily messages that would get into my inbox without filtering, I now get about 10, all marked as spam, with the rest getting blocked by the rbl lists and some custom rules).
Re:What about my personal mail server? (Score:4, Informative)
Basically don't relay mail for any user who you don't know (either by IP address or by SMTP authentication). Relaying is accepting mail for another domain and passing it on. If the server is the MX server for your domain, you must accept mail addressed to that domain regardless of whether or not you know the sending party.
>I will be using either Postfix or Microsoft Exchange.
I use sendmail, and I know that the "default" prevents unauthorized relaying. The latest version of Postfix or Exchange will almost certainly do the same. After you make any configuration changes, just verify that an outside machine can't send mail to another domain.
Whichever SMTP software you run, I'd recommend joining some comp.mail.* newsgroups.
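The relay rule described in the comment above, written out as a per-recipient decision (an added example, not part of the original thread and not code from sendmail, Postfix or Exchange). The domain, the trusted network, the function names and the reply codes are constructed assumptions for illustration.

```python
import ipaddress

# Constructed sample policy (assumptions, not values from the thread).
LOCAL_DOMAINS = {"example.org"}                        # domains this host is MX for
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]  # clients known by IP address


def rcpt_domain(address):
    """Return the lower-cased domain part of an RCPT TO address, or ''."""
    addr = address.strip().strip("<>")
    if "@" not in addr:
        return ""
    return addr.rsplit("@", 1)[1].rstrip(".").lower()


def is_known_client(client_ip, authenticated):
    """A sender is 'known' through SMTP authentication or its source IP."""
    if authenticated:
        return True
    ip = ipaddress.ip_address(client_ip)
    return any(ip in net for net in TRUSTED_NETS)


def rcpt_decision(client_ip, authenticated, rcpt_to):
    """Decide one RCPT TO command; returns (smtp_code, reason)."""
    domain = rcpt_domain(rcpt_to)
    if not domain:
        return 501, "malformed recipient"
    if domain in LOCAL_DOMAINS:
        # Final delivery for our own domain: accept from any sender.
        return 250, "local delivery"
    if is_known_client(client_ip, authenticated):
        # Relaying to another domain is allowed only for known senders.
        return 250, "relay for known client"
    return 554, "relay access denied"


if __name__ == "__main__":
    # Constructed cases. The last row is the check the comment recommends:
    # an outside, unauthenticated machine addressing another domain.
    for ip, auth, rcpt in [
        ("198.51.100.7", False, "<user@example.org>"),
        ("192.0.2.10", False, "<someone@example.net>"),
        ("198.51.100.7", True, "<someone@example.net>"),
        ("198.51.100.7", False, "<someone@example.net>"),
    ]:
        print(ip, auth, rcpt, rcpt_decision(ip, auth, rcpt))
```

After a configuration change, the fourth case is the one to reproduce against the real server from an outside machine: the RCPT TO for a foreign domain should be refused.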
*cough* *cough* (Score:3, Informative)
Out of this list of ISPs (AOL, Yahoo, MSN/Hotmail, Earthlink and Comcast), AOL is the ONLY ISP who is actively working in the antispam community - seriously. They've got a single contact for dealing with it and they are keeping their ax sharp and swinging it whenever needed.
All of those other 'posers are lying thru their teeth. Yahoo, MSN/Hotmail, Earthlink, Comcast? Antispam? They'd choke if they tried to say, "We're antispam". It's sad now that AOL has made a solid effort that they're going to be painted with the same brush as those other spam-havens.
Re:Don't forget SPF (Score:1, Informative)
Re:Penalties (Score:5, Informative)
The California law made the "beneficiary" of the spam responsible for it. And anybody could sue. That would have made hiring a spammer very risky.
Broadly defining the "beneficiary" could go even further. The credit card service provider, and the bank behind them, could be held responsible for spam if they processed a transaction resulting from spam. They profit from it, after all. A good lawyer could make the case now that they bear some responsibility, especially if they assist in any way in concealing the identity of the spammer.
We really need to go after the payment end of spam, not the sending end.
Re:Don't forget SPF (Score:1, Informative)
Re:Mail admin here, my solution was port 26 (Score:5, Informative)
Because port 587 is the one specified in the Message Submission RFC (RFC 2476).
Re:Best practices,... published? (Score:3, Informative)
SSH Tunnel (Score:2, Informative)
I used to just run sendmail directly on my PowerBook, but I got too many bounce messages from servers that refuse to accept mail from known dynamically allocated IP ranges, on the assumption that I must be a zombie spammer.
Re:limit port 25 (Score:3, Informative)