My Fight Against Spam

by Ian McPherson

I have had a web server for about four years now. I have upgraded twice, from a slow old Power Macintosh, to a mid-range 233MHz iMac, to a 450MHz G4 Cube. We recently added a newer iMac to our SHDSL connection to run the e-mail, serve some databases and a list server, and generally share the load.
During this time, my rudest awakening was to the harsh reality of spam. To be fair, I was warned by my ISP, yet I was so keen to run my own e-mail server that I underestimated the dangers. Then, one busy Monday morning, the e-mail server was flooded with mail, as over 6,000 unauthorized commercial messages exploded out of the server across the internet!
After a couple of panic phone calls to our ISP, I was informed that I had mis-configured the e-mail software and the server was acting as an open relay. An open relay, I soon discovered, was a big no-no on the web, as spammers can use your server to send their unwanted messages, almost without limit.
What's worse is that the spammers have no scruples about the practice at all, and view fledgling webmasters as fair game. Even when I tracked the culprits down and had their free e-mail account cancelled by their provider, they were back a day later from a different free mailbox and I was on the defensive again, fending off their relaying efforts.
Then, to make matters worse (even though it was not their intention :), I received an e-mail from MAPS℠, a Mail Abuse Prevention System on the web, which had listed our e-mail server as an open relay, and was preventing us from communicating with ISPs which supported their spam e-mail prevention systems.
As you can imagine, I'd had just about enough of this! So, in consultation with our ISP, I locked down the server software (Eudora Internet Mail Server), following the instructions on Eudora's New Zealand website on how to secure it against relaying. This worked almost immediately, barring the spammers and lifting a great weight from my shoulders.
In around two days we were removed from the MAPS blacklist, and were again free to communicate without restriction for our clients. This would have been a happy ending to a bad experience, but the spam never, ever stops. It's an unusual day when the spammers aren't testing our defenses, trying new relaying techniques and discovering loopholes in the software that require updates and vigilance.
Inevitably, these experiences have changed my attitude greatly. I no longer view relayed junk e-mail as an annoyance to be deleted from my inbox or tolerated on the server, but a war waged against honest people, by unscrupulous opportunists too cheap to pay their own way. And I openly applaud the work people like MAPS are doing to rid the web of these cheats, even though it frequently gets the organization into legal hot water.
So, if you're thinking of running your own in-house e-mail server, don't you make the same mistakes I have. Do yourself a favor. Visit MAPS and read their excellent page on providing ethical list management practices, and learn how to secure your e-mail server against relaying before it happens.
Because, with organizations like the US Direct Mail Association openly resisting spam prevention measures, it's only a matter of time before the spammers get around to you!
See you all in the next issue!

Ian McPherson
DownUnder Editor