Tuesday, 12 August 2008

Protecting Your Customers from Spam - Know Your Customers

Bart Shaefer, CTO of iPost, pinpoints a major step any web host can take to keep spam from becoming a problem. "The first and most important thing Web hosting vendors should do is perform due diligence checks up front -- before agreeing to provide service." He should know how important that is; his company serves other firms that send legitimate opt-in-only mailings, and it handles huge volumes of email.

So how do you perform due diligence? You can start by doing the same things you might do to check a prospective employee -- use Google or another search engine to see what you can learn about the person and his or her company. Don't skip over doing a credit check; spammers often have no credit or bad credit. But this is just the beginning.

Check your customers' IPs and domains against blacklists; there are many public ones you can use. Be wary if a domain is not registered. Check for address and telephone number matches. Since customers can get a little touchy when you ask a lot of questions, make it clear why you're going to so much trouble. Legitimate customers don't want to be associated with spammers any more than you do!
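The blacklist check described above can be scripted as part of account sign-up. The sketch below is an added example, not part of the original article: it builds the DNS blacklist lookup name for each IP or domain a prospective customer supplies and classifies the answer. The zone names (Spamhaus's public IP and domain lists), the function names and the sample answers are assumptions made for illustration.

```python
import ipaddress
import socket

# Assumed zones: Spamhaus's public IP and domain lists (the article names
# Spamhaus but no zone). Check the operator's usage terms before querying.
IP_ZONE = "zen.spamhaus.org"
DOMAIN_ZONE = "dbl.spamhaus.org"

def query_name(item):
    """Build the DNSBL lookup name for an IP address or a domain."""
    try:
        ip = ipaddress.ip_address(item)
    except ValueError:  # not an IP, so treat it as a domain
        return f"{item.rstrip('.').lower()}.{DOMAIN_ZONE}"
    # reverse_pointer gives reversed octets (IPv4) or nibbles (IPv6) plus
    # an .in-addr.arpa / .ip6.arpa suffix; swap that suffix for the zone.
    return f"{ip.reverse_pointer.rsplit('.', 2)[0]}.{IP_ZONE}"

def system_resolver(name):
    """Return the A record for name, or None if the name does not resolve."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None

def check(item, resolve=system_resolver):
    """Classify one customer IP or domain as listed, clean or error."""
    answer = resolve(query_name(item))
    if answer is None:
        return "clean"            # no record: not on this list
    if answer.startswith("127.255.255."):
        return "error"            # Spamhaus refused the query: no verdict
    if answer.startswith("127."):
        return "listed"
    return "error"                # non-127/8 answer: resolver is rewriting DNS

def screen(items, resolve=system_resolver):
    return {item: check(item, resolve) for item in items}

# Constructed answers standing in for live DNS, so the example runs offline.
SAMPLE_DNS = {
    "2.0.0.127.zen.spamhaus.org": "127.0.0.2",
    "bad.example.dbl.spamhaus.org": "127.0.1.2",
    "9.113.0.203.zen.spamhaus.org": "127.255.255.254",
}

if __name__ == "__main__":
    applicants = ["127.0.0.2", "198.51.100.7", "bad.example", "203.0.113.9"]
    for item, verdict in screen(applicants, SAMPLE_DNS.get).items():
        print(f"{item:15} {verdict}")
```

With live DNS, `system_resolver` cannot tell a missing record from a failed lookup, so read "clean" as "no listing seen" and treat "error" as a reason to re-run the check rather than as a pass.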

One source you should go to when checking out your customers is the Spamhaus Project (www.spamhaus.org). Among other things, this organization maintains the ROKSO database: the Registry of Known Spam Operations. Spammers on this list have lost their accounts with at least three ISPs for spam-related offenses. These people are hard-core; just 200 "spam gangs" send 80 percent of the spam received by Internet users in North America and Europe, and most of them are listed in the ROKSO database, according to Spamhaus. To quote the organization's web site, "The vast majority of those listed here operate illegally and move from network to network (and country to country) seeking out 'spam-friendly' Internet Service Providers ('ISPs') known for lax enforcing of anti-spam policies...These are the spammers you definitely do NOT want on your network."

Google Groups is another place to check; specifically, search the news.admin.net-abuse newsgroup. But use it carefully. Many postings aren't real; they're forgeries designed to hurt legitimate parties, sometimes created by spammers in an attempt to shift the blame from those who are truly at fault. Also, make sure you don't confuse spammers with those who have received spam and are simply reporting an offender.

Protecting Your Customers from Spam

Everyone hates spam, and there seems to be no escape from it. As a web host, however, you're closer to the front lines of this battle than your customers. In this article, I'll detail some of the steps you can take to keep this unsolicited annoyance from getting out of hand.

By some estimates, spam, also known as unsolicited bulk email, has already gotten out of hand generally across the Internet. Ferris Research estimated that the cost of spam to the United States economy came to more than $10 billion in 2003. That takes into account the consumption of computing resources, help desk personnel time, and worker productivity (after all, the few seconds spent deleting each of those emails adds up). When Intermedia.NET launched its new SpamStopper service, it cited 2006 research which estimated that spam "represents over 66% of all email sent, and more than 10% of lost productivity."

The federal anti-spam laws have done little if anything to stem the tide. As Scott Chasin, chief technology officer for anti-spam company MX Logic, notes, "Predictions of the impending death of spam are premature. While significant advances in anti-spam technology have made it possible to relieve email users of unwanted commercial email before it hits their inboxes, spam still makes up the majority of all email traffic -- imposing a significant burden on the Internet and on the effectiveness of email."

The situation may sound bleak, but it isn't hopeless. You will need to be proactive in the battle, however, since there is no automated program that is 100 percent effective against all spam. Even if there were, spammers (and especially phishers) are clever; as fast as anyone comes up with ways to filter spam, they come up with ways to get around the filters. For example, when spam filters started blocking emails that contained words used frequently in spam, spammers just started using variations of the words or corruptions of them that would still get the point across.

Sure, you need to have automated programs guarding your customers' inboxes, but you also need to engage in manual monitoring. Check uploaded files for common spam scripts, watch server loads, and keep an eye on your customers, especially new ones, for unusual behavior. Register your email with spam-fighting sites, such as Spamcop.net or Abuse.net.

If you do find yourself with a spam problem on your hands, you need to have an action plan in place. Create one now, before you have to use it. Don't attribute to malice what can be explained by ignorance (yes, there are still people who are ignorant of spam, or at least of how to handle it).
