Four-fifths of spam now emanates from computers contaminated
with Trojan horse infections, according to a study by network
management firm Sandvine out this week. Trojans and worms with
backdoor components such as Migmaf and SoBig have turned infected
Windows PCs into drones in vast networks of compromised zombie PCs.
At Earth First, to reduce the overall load of inbound
spam, we use several filtering lists to reject known
spam sources.
The Spamhaus list is in use on every server. Spamhaus lists
the rather well-known spammers as they move from network to
network. Other lists that may be in use on various servers
include:
zombie.dnsbl.sorbs.net - this list is used to reject mail
from hijacked or "zombied" netspace, where no legitimate
mail should originate. This list is in use on every server.
relays.ordb.org - this is the relays portion of the Open Relay
Database (ordb), and encompasses verified open relays that
are currently used or are likely to be used as injection points
for spam. Open relays are typically abused by spammers since
they require no authentication for anyone to send mail through
them.
smtp.dnsbl.sorbs.net - The open SMTP relay portion of the
SORBS (Spam and Open Relay Blocking System) list. Like the
above, this is a list of SMTP servers that do not require
authentication in order to relay mail through them. Such systems
can be and often are used by spammers.
cbl.abuseat.org - the Composite Blocking List from abuseat.org.
This list is composed of open relays, open proxies, and known
spam sources.
spews.org - the Spam Prevention and Early Warning System lists,
which comprise known spam sources and/or spam support services.
As noted, not all lists need to be in use on every server.
Filters are tailored to the needs of individual servers: servers
where clients are being spammed dictionary-style (where addresses
at the client's domain are selected at random from huge lists
- albert, andy, becky, bob...), resulting in hundreds of thousands
of messages per day, may use all available filters, for instance.
Other servers, where spam loads are lower, may use only the
default spamhaus list (this is the case on almost all servers
at this time).
For the website user we also offer SpamAssassin. This software
allows clients to assign scoring to their inbound mail to
determine if a piece of mail is spam or not. Options are available
to send mail tagged as spam to a special mailbox for later
review, or send mail tagged as spam directly to the trash
without being viewed. Please note: if you elect to
have SpamAssassin send mail tagged as spam to a spam mailbox,
please ensure you check and clear that mailbox on a periodic
basis. Failure to do so can result in disk quotas being exceeded,
which will delay new mail until adequate space is cleared
on the account for delivery.
If your mail (or mail sent to you on our servers) is being
rejected by our systems due to filtering by any of the above
server-level lists, and you believe this to be an error, please
contact the helpdesk. Whitelisting of IPs is available to
allow mail to come through from senders who would otherwise
be blocked. Please forward the entire bounced message to the
helpdesk so this process can be completed.
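How a mail server consults lists like the ones above, with whitelisted IPs skipping the check, shown as an added example that is not Earth First's own code or configuration. The set of enabled zones, the whitelist handling, the sample IPs and the stubbed DNS answers are constructed, and only IPv4 is handled.

```python
import ipaddress
import socket

# Zones named on the page; which ones a server enables is a constructed sample.
HEAVY_LOAD_ZONES = ["zombie.dnsbl.sorbs.net", "smtp.dnsbl.sorbs.net",
                    "cbl.abuseat.org"]
LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_query_name(ip, zone):
    """Build the name a DNSBL client looks up: reversed octets + zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("this example handles IPv4 only")
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def system_resolver(name):
    """Return the A record for name, or None when the lookup fails."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None


def check_sender(ip, zones, whitelist=(), resolve=system_resolver):
    """Return (accept, reason). Whitelisted IPs skip every list."""
    if ip in whitelist:
        return True, "whitelisted"
    for zone in zones:
        answer = resolve(dnsbl_query_name(ip, zone))
        # Listed entries answer inside 127.0.0.0/8. Any other answer (or
        # none) counts as not listed, so a zone that starts returning a
        # public address cannot cause every sender to be rejected.
        if answer and ipaddress.ip_address(answer) in LISTED_RANGE:
            return False, f"listed in {zone} ({answer})"
    return True, "not listed"


# Constructed stand-in for DNS answers, using documentation address ranges.
FAKE_DNS = {"7.113.0.203.cbl.abuseat.org": "127.0.0.2",
            "9.100.51.198.zombie.dnsbl.sorbs.net": "203.0.113.80"}

if __name__ == "__main__":
    for ip in ("203.0.113.7", "198.51.100.9", "192.0.2.1"):
        print(ip, check_sender(ip, HEAVY_LOAD_ZONES, resolve=FAKE_DNS.get))
```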
Are there any domains from which mail will never be accepted?
Currently, we maintain a list of domains known to be solely
used in spam (that is, they are not domains used for any other
purpose than a return address for very large spamming operations).
Any questions regarding spam filtering, either at the server
level or the client level, can be directed to the helpdesk.