With around 30-40% of total Internet emails amounting to spam, ISPs and hosting companies are taking various measures to ensure that their users receive a minimum amount of spam.

The first method is to do a reverse DNS check on the connecting IP and refuse the connection if it is listed in the DNS blacklist of one of the more popular DNS blacklist providers, such as SPAMCOP. However, this method has recently been abused, probably by those who hate SPAMCOP for what it does best.

Supporters of spam and spammers are reporting legitimate mail as spam, causing the list to inaccurately include a lot of non-spamming IP addresses. This probably affects providers with a more open system like SPAMCOP, but not those that don't allow spam reporting.

The other weakness of this system (due more to the setup of the server software) is that it does not bounce the spam; it just refuses the connection. Unless there is enough bandwidth to handle the huge army of botnets that spammers control, it may sometimes cause denial of service to legitimate users.

For mail admins, please take note that the original SPAMCOP is a dot net site, not a dot com, and you can get the blacklist only from them. The dot com domain is an anti-spam software company that does not maintain a DNS blacklist.

There are also methods, built in or available as add-on modules to existing mail server software like Exim, that do a reverse host lookup. This is useful against spammers that connect directly to mail servers to dump their mail. If a reverse lookup does not resolve to the domain that the spammer claims to be sending from, the message will be rejected. This method fails those who send their domain's mail through their ISP's mail server (e.g. sending from email address [email protected] via singnet.com.sg's server). When the mail bounces back, the user has no idea what went wrong.

The last method is to block all dial-up and broadband IP addresses, plus all IP addresses that don't have a correct PTR record. This will virtually block a big portion of the Internet that has its IP addresses dynamically assigned.

In a way, this has become one of the most effective methods due to the huge number of trojan-infected machines (e.g. Sobig, NetSky, Sober, Mydoom) that presently offer the contact lists on their machines to spammers, help spammers proliferate by sending spam from their existing connection, conduct attacks on anti-spam organisations, etc.
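The connection-time checks described above (the DNS blacklist lookup and the PTR check), as an added example that is not part of the original article. The zone `dnsbl.example.net`, the sample records and all function names are constructed for illustration; treating "correct PTR record" as forward-confirmed reverse DNS, and deferring instead of rejecting when the resolver fails, are assumptions of this example.

```python
import ipaddress
import socket

def dnsbl_query_name(ip, zone):
    """DNSBL query name: IPv4 octets reversed, then the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_lookup_a(name):
    """A-record lookup via the OS resolver; [] when the name does not resolve."""
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(name, None, socket.AF_INET)})
    except socket.gaierror as exc:
        if exc.errno == socket.EAI_AGAIN:  # temporary resolver failure
            raise TimeoutError(name) from exc
        return []

def system_lookup_ptr(ip):
    """PTR lookup via the OS resolver; None when the lookup fails."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None

def check_connection(ip, zone, lookup_a=system_lookup_a, lookup_ptr=system_lookup_ptr):
    """Return (action, reason) for a connecting client IP."""
    try:
        # A listed IP resolves to an address in 127.0.0.0/8; no answer = not listed.
        if any(a.startswith("127.") for a in lookup_a(dnsbl_query_name(ip, zone))):
            return ("reject", "listed in " + zone)
        ptr = lookup_ptr(ip)
        if ptr is None:
            return ("reject", "no PTR record")
        # Forward-confirm: the PTR name must resolve back to the connecting IP.
        if ip not in lookup_a(ptr):
            return ("reject", "PTR does not forward-confirm")
    except TimeoutError:
        # Assumption: a resolver outage should delay mail (4xx), not bounce it.
        return ("defer", "DNS lookup failed temporarily")
    return ("accept", ptr)

ZONE = "dnsbl.example.net"  # hypothetical zone; all records below are constructed
A = {"7.113.0.203.dnsbl.example.net": ["127.0.0.2"],
     "mail.example.org": ["192.0.2.25"],
     "dyn-9.example.com": ["198.51.100.1"]}
PTR = {"192.0.2.25": "mail.example.org", "198.51.100.9": "dyn-9.example.com"}

def demo(ip):
    """Run the checks against the constructed tables instead of live DNS."""
    return check_connection(ip, ZONE, lambda name: A.get(name, []), PTR.get)
```

Calling `check_connection(ip, zone)` without the last two arguments uses the operating system's resolver instead of the constructed tables.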

Subsequently, filters may be imposed on the message contents using software like SpamAssassin or SpamBayes, with varying mileage.

Generally, blocking is better than accepting and then filtering spam, as spammers don't like being blocked but are fine with filtering after they have delivered their messages.

Tested in various scenarios, spam doubles when it is accepted and then filtered off, but reduces drastically when blacklisted connections are dropped continuously. Spammers will also retry connecting with the same IP address, unlike in the past, when they would change to the next available host in their botnet. This is probably an attempt at bypassing the greylisting in place on some servers.

As of May 2009, spam is now 90% of all e-mail.
