Most mail servers come with anti-spam tools that are not enabled by default, and I thought I'd share my thoughts on which options are effective in fighting spam. If these anti-spam technologies are included in your mail server, you should consider enabling them. Hopefully this guide will encourage you to explore these options and reduce spam before it reaches your inbox, and who doesn't want that!
- DNS Blacklist (DNSBL), sometimes called RBL, is a very effective method for fighting spam. When your mail server receives an incoming connection, the IP address of the connecting mail server is sent to a DNSBL service. If the IP is listed in that service's database, the service returns a true statement to your mail server. This tells your mail server that the IP is a known spammer, and your mail server will typically reject the incoming connection immediately. If the DNSBL returns false, the SMTP session will continue. This check usually happens after the SMTP 'Mail From:' command. This is a very efficient method for fighting spam since no message data is sent to the mail server, only the sender information.
- Reverse DNS (rDNS). This is another very efficient technique. It involves finding the hostname of the connecting IP address. How is this different from regular DNS? When resolving a domain name, your system uses DNS to find the IP for a particular domain, and your DNS server returns the IP address. When your mail server performs rDNS, it reverses the IP, sends it to the DNS server of the ISP responsible for issuing that IP address, and looks for the existence of a PTR (hostname) entry. Typically PTR records are created for static IPs but not dynamic ones, and a fair number of spammers send from dynamic IPs.
- SpamAssassin. This is likely already enabled on your mail server, but I wanted to mention it because there are many different components of SpamAssassin that are worth looking into so that you take full advantage of all its features. For example, it has header tests, Bayesian, charset, DNSBL, Razor2, and many other features that can be adjusted to better combat spam, usually by increasing the score weight for a particular test.
- Bayesian Filtering. This approach takes the spam probabilities of individual words (in the body of the message) and weighs the combination of words to arrive at a percent probability that the message is spam. Usually this is used in conjunction with your mail server's spam scoring system and increases the total spam score.
- Sender Policy Framework (SPF). SPF uses DNS to publish a policy record for a sender's domain. When checking SPF, your mail server takes the sender domain and looks up the policy to see if the sending server complies. The policy typically includes the IP address of the mail server and which hostnames are allowed. Your mail server may have options that temporarily reject failed SPF or add to the spam score if SPF fails.
- Greylisting. This is a fairly straightforward approach that takes advantage of the fact that spammers are lazy. When your mail server accepts a connection, it looks up the IP in a database of allowed greylisting IPs; if it's not in the list, the IP goes through the greylisting process. Your mail server will typically allow the connecting server to report the sender address and then respond with 451 temporarily unavailable. This is where spamming servers usually give up. Normal mail servers will resend the message at a later time, and it will then be accepted for delivery.
- Greeting delays. Spammers don't usually want to wait around trying to deliver a single message and will time out in a very short period of time. If you put a delay (usually 20-25 seconds) on your mail server greeting message, this can stop some spammers. Use this with caution: some mail servers won't wait more than 30 seconds for greeting messages.
- Relaying Security. Although relaying is not technically an anti-spam tool, it's important to ensure that your mail server is not allowing relaying, as spammers take advantage of open relays to send most of their spam. See my post on Open Relay - Stop Spam Relaying.
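
The greylisting decision described in the list above, written out as an added example (it is not code from this post's author or from any mail server). The minimum delay, retry window and allow-list lifetime are assumed values, `Greylist` and `replay` are hypothetical names, and the IPs and senders are constructed sample data.

```python
import time

class Greylist:
    """Greylisting decision taken after MAIL FROM. Timings are assumed values."""

    def __init__(self, min_delay=300, retry_window=4 * 3600, allow_ttl=30 * 86400):
        self.min_delay = min_delay        # a retry sooner than this is still deferred
        self.retry_window = retry_window  # a retry must arrive within this window
        self.allow_ttl = allow_ttl        # how long a proven IP stays allowed
        self.allowed = {}                 # ip -> expiry time (the "allowed IPs" database)
        self.pending = {}                 # (ip, sender) -> time first seen

    def check(self, ip, sender, now=None):
        """Return the SMTP reply (code, text) for this connecting IP and sender."""
        now = time.time() if now is None else now
        # 1. IP already proved itself: skip greylisting and refresh its entry.
        if self.allowed.get(ip, 0) > now:
            self.allowed[ip] = now + self.allow_ttl
            return 250, "OK"
        self.allowed.pop(ip, None)        # drop an expired entry, if any
        key = (ip, sender.lower())
        first_seen = self.pending.get(key)
        # 2. First sighting, or the earlier attempt is too old: record and defer.
        if first_seen is None or now - first_seen > self.retry_window:
            self.pending[key] = now
            return 451, "Temporarily unavailable, try again later"
        # 3. Immediate retry, typical of fire-and-forget senders: keep deferring.
        if now - first_seen < self.min_delay:
            return 451, "Temporarily unavailable, try again later"
        # 4. Patient retry, as a queueing mail server does: allow the IP.
        del self.pending[key]
        self.allowed[ip] = now + self.allow_ttl
        return 250, "OK"

def replay(events, greylist=None):
    """Run (seconds, ip, sender) events through a greylist; return the reply codes."""
    greylist = greylist or Greylist()
    return [greylist.check(ip, sender, now=t)[0] for t, ip, sender in events]

# Constructed sample traffic (documentation IP ranges, made-up senders).
SAMPLE = [
    (0,    "192.0.2.10",   "news@example.org"),   # first contact
    (5,    "198.51.100.7", "win@example.net"),    # bulk sender that never retries
    (30,   "192.0.2.10",   "news@example.org"),   # retried too soon
    (900,  "192.0.2.10",   "news@example.org"),   # queued retry after the delay
    (1000, "192.0.2.10",   "alice@example.org"),  # same IP, new sender
]

if __name__ == "__main__":
    for event, code in zip(SAMPLE, replay(SAMPLE)):
        print(event, "->", code)
```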
