Let me begin by saying that I hate spam. While I am not fond of the luncheon meat either, I am referring to junk email. I hate spam a lot as it is generally offensive and a big waste of time. My opinion about this has moved more towards the hating end of the spectrum lately because of the explosion in the amount of spam that I have been receiving lately, and I am afraid that with list sharing and the general practice of never removing anyone from a list including bad addresses that this is just the tip of the iceberg.
Working in IT, I used to tell those who complained
"Just hit the delete key - that's what it's there for."
"But I get almost 10 of them per day" they would reply.
"Big deal." - I would think to myself. Little did I know that the 10 per day would turn into 30-75 a day for me in the not too distant future, and that is only my email at work - I receive even more than that at home in a given day, and I know that others receive more than that.
Well intentioned fellow spam haters have formed blacklists. Some of these are:
relays.osirusoft.com
bl.spamcop.net
multihop.dsbl.org
list.dsbl.org
relays.ordb.org
relays.visi.com
blackholes.mail-abuse.org
dialups.mail-abuse.org
relays.mail-abuse.org
rbl.maps.vix.com
This sounds like a great idea - spammers are identified and a master list is kept so people can refer to in order to block junk e-mail from coming into their inboxes.
But…
Sometimes these lists are maintained in an over-zealous manner. When I attempted to activate all of the above services on my anti-spam software (Nemx Power Tools for Exchange Server - which by the way is a great product and anyone with a small-medium sized company that uses Microsoft Exchange server should buy it) I decided to first log all of the mail that would have been rejected before actually rejecting the mail.
I took a look at the list and first off, only three of the above lists had any effect on blocking spam whatsoever. Every one of those three had rejected at least one legitimate email message within the first 24 hours. At first this was enought to make me reject the use of the blacklists alltogether, but after seeing that two of the lists are pretty good (relays.osirusoft.com and bl.spamcop.net) and don't reject very much legitimate mail I decided to go ahead and activate those lists.. If these Internet black lists, also known as RBL or Realtime Blackhole List, would just take a conservative approach and nail only those who are truly offenders then they would be a more useful resource. Instead, they block domains like attbi.com (AT&T Broadband), hotmail.com, earthlink.net, that don't do enough (in their opinion) to shut down spammers. They also block smaller companies that haven't properly protected their mail servers against open relay abuse from spammers on the outside who have no relationship with those companies at all. This is just plain not helpful. Their concept is that by blocking ISPs and domains that are not completely spam unfriendly that they can put pressure on them to change their ways - fine for them, but what about people who are using their lists who are unaware of the fact that they are also turning away legitimate business and personal correspondence?
This is a problem. I have reluctantly started using the two blacklists mentioned above, and simply have automatic email going out those on the blacklist telling them that they are on the blacklist and letting them know how to appeal to get off of it. I have received surprisingly few calls from vendors and customers - the largest portion by far of the mail caught by the blacklists is spam. To do their job properly, an email server manager has to manage their list of "friendly IP addresses", whose messages are allowed to come in whether they are on a blacklist or not. Other than RBL use, I use content filtering based on text within messages in the body, subject and sender's address. You can also try to block strange practices like putting the name of the sender and the receiver as the same address in the header of the message, but when you do this you end up blocking legitimate electronic newletters and other lists that people actually sign up for.
In my perfect world, there would be some sort of Federal regulation requiring specific text to be inserted in any unsolicited email, commercial or otherwise. Perhaps the text could vary to specify the type of email it was - charity related, commercial, commercial/sexual, charity/sexual (just proving I do have a sense of humor), newsletter, etc. so that text sensitive blocking would be easier for those who chose to do it. Stiff fines would exist for those who violate these requirements and those who hire them to send out ads for them. Those who like reading all that garbage could continue to let their email come in unblocked and the rest of us could leave our email systems running not being afraid of rejecting a joke a friend sent us about Viagra because it had violated a text-sensitive rule.
Having said that, we don't live in this perfect world. We live in one where idiots are bombarding us with opportunities for refinancing our mortgages, seeing pictures of Britney Spears, enlarging our body parts, buying really cheap inkjet cartridges, and tons of other fabulous opportunities that 99.99999% of us see the subject for and then push "Delete". Those who don't do that are a big part of the problem because they keep the ball rolling and the money flowing.
I am developing some pretty good spam blocking rules for Nemx Power Tools, and may soon be selling some software that allows a manager of an Exchange Server with Nemx installed to easily view their Nemx logs for possible legitimate mail that has been rejected and also to allow them to figure out which of their rules work best because Nemx has a limit on the number of rules you can have in force. I use this custom software myself now and at this point it is a bit specific to my particular company, but if there is enough interest I intend to make it more generic and market it (no, not through email) to Nemx Power Tools users. The software does two things - it analyzes nemx log files and puts summary reports on the screen so you can quickly review all rejected messages for any given time period and it allows you to clean up the log file (because Nemx has a limit of 24MB on their log files) and delete either old entries or entries with specific words in them. If you want more information, contact me at alan@apsnw.com, otherwise, keep track of this page as I will probably put up more information later. At that time, I will sell with it the content, subject, and originator rules that I have developed to give people a good start. My rules are very effective and in combination with the RBLs block more than 95% of spam sent to our organization.
Thanks for listening to my ranting and raving.
-Alan Denke