Measures taken by ISP & Mail Host to minimize spam
With around 30-40% of total Internet email amounting to spam, ISPs and hosting companies are taking various measures to ensure that their users get a minimum amount of spam mail.
The first method is to do a reverse DNS check on the connecting IP and refuse the connection if it is in the DNS blacklist of one of the more popular DNS blacklist providers, like SPAMCOP. However, this method has recently been abused, probably by those who hate SPAMCOP for what it does best.
The supporters of spam and spammers are reporting legitimate mail as spam, causing the list to inaccurately include a lot of non-spamming IP addresses. This probably affects providers with a more open system like SPAMCOP, but not those that don't allow spam reporting.
The other weakness of this system (more due to the setup of the server software) is that it does not bounce the spam; it just refuses the connection. Thus the spammer's mail server will keep on retrying while the spammer is snoring away in his sleep. The server could have just allowed the connection and nuked whatever is in it, so that there is no need to hear from these losers.
For mail admins, please take note that the original SPAMCOP is a dot net site, not a dot com, and you can get the blacklist only from them. The cheap wannabe dot com does nothing of that but gets all the credit by selling you commercial software. A real discredit to the original intent of the spamcop.net owner.
There are also some methods, built in or available as add-on modules to existing mail server software like Exim, that do a reverse host lookup. This is useful against spammers who connect directly to mail servers to dump their mail. If a reverse lookup does not resolve to the domain that the spammer claims to be sending from, the message is rejected. This method fails for those who send their domain's mail through their ISP's mail server (e.g. sending from the email address webmaster@def.com.sg via singnet.com.sg's server). When the mail bounces back, the user has no idea what went wrong.
The last method would be to block all dialup and broadband IP addresses, plus all IP addresses that don't have a correct PTR record. This will virtually block a big portion of the Internet that has its IP addresses dynamically assigned.
In a way, this has become one of the most effective methods, due to the huge number of trojan-infected machines (e.g. Sobig) that are presently offering the contact lists on their machines to the spammers, helping spammers proliferate by sending spam from their existing connection, conducting attacks on anti-spam organisations, etc.
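The connection-time checks described above (blacklist lookup, PTR check, and reverse lookup against the claimed sender domain), as an added example that is not code from this page or from any mail server. It assumes the `bl.spamcop.net` zone with the usual reversed-octet query form, and it reads a "correct" PTR as one that resolves back to the same IP; the function names, injected resolvers, hostnames and addresses are constructed so it runs without live DNS.

```python
import ipaddress

def dnsbl_query_name(ip, zone):
    """DNSBL lookup name: IPv4 octets reversed, followed by the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def check_connection(ip, sender_domain, resolve_a, resolve_ptr,
                     zone="bl.spamcop.net"):
    """Return (verdict, reason). resolve_a(name) and resolve_ptr(ip) return
    lists and are injected (hypothetical helpers) so no live DNS is needed."""
    # 1. Blacklist: any A record under the zone means the IP is listed.
    if resolve_a(dnsbl_query_name(ip, zone)):
        return ("reject", "listed in " + zone)
    # 2. The connecting IP must have a PTR record at all.
    names = [n.rstrip(".").lower() for n in resolve_ptr(ip)]
    if not names:
        return ("reject", "no PTR record")
    # 3. Assumption: a "correct" PTR name resolves back to the same IP.
    confirmed = [n for n in names if ip in resolve_a(n)]
    if not confirmed:
        return ("reject", "PTR not forward-confirmed")
    # 4. The reverse lookup must fall under the domain the sender claims.
    dom = sender_domain.lower()
    if not any(n == dom or n.endswith("." + dom) for n in confirmed):
        return ("reject", "PTR does not match sender domain " + dom)
    return ("accept", "ok")

# Constructed records standing in for live DNS (documentation address ranges).
A = {
    "10.2.0.192.bl.spamcop.net": ["127.0.0.2"],      # 192.0.2.10 is listed
    "relay.singnet.com.sg": ["198.51.100.25"],       # constructed hostname
    "mail.def.com.sg": ["203.0.113.5"],              # constructed hostname
}
PTR = {
    "198.51.100.25": ["relay.singnet.com.sg"],
    "203.0.113.5": ["mail.def.com.sg"],
    "203.0.113.77": ["host77.dyn.example.net"],      # PTR with no matching A
}

def resolve_a(name):
    return A.get(name.lower(), [])

def resolve_ptr(ip):
    return PTR.get(ip, [])

if __name__ == "__main__":
    for ip in list(PTR) + ["192.0.2.10", "203.0.113.200"]:
        print(ip, check_connection(ip, "def.com.sg", resolve_a, resolve_ptr))
```

The 198.51.100.25 case reproduces the failure described above: mail for def.com.sg relayed through the ISP's server passes the blacklist and PTR checks but is rejected at step 4.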
Subsequently, filters may be imposed on the message contents using software like SpamAssassin or SpamBayes, with varying mileage.
For some strange reason, spammers don't like being blocked, but they're OK with filtering after they have delivered their messages.
When I enable SpamAssassin, the spam coming in seems to double, but when I block them with strict filtering at the server, their attempts reduce drastically. Which means that when they are not blocked, they send you more spam, probably hoping that some will reach you even with the filter.