How To Beat Spam!
Spam. Can’t mention it without cringing. For web hosts whose business is to provide a resource that can be exploited by spammers it’s a never-ending challenge. Until there are better solutions available, web hosts need to take proactive steps to stop abuse, protect their business and customers. Here are some things you can do if not already implemented.
Unfortunately, there is no effective all automated solution yet. So you should rely on both automated and manual methods. You should monitor uploaded files for common spam scripts, server loads and unusual customer behavior especially new customers. Registering your email with sites such as Spamcop.net or Abuse.net could help channel complaints to you not your uplink. This way you can hopefully stop the problem first instead of a rude wake up call from your uplink.
Despite your best efforts, there will be times you’ll be taken for a ride. So draw up an action plan what to do when that happens. Be firm but rational. Remember, your customers may not be savvy about spam; they could have left their accounts open to someone else to use. The possibilities are plenty. It’s awfully easy to be angry with accused spammers but it’s also very difficult to gain good customers and keep them. This brings us to the next point, education.
Education is key to both your staff and customers. Keep up with the trends and technology spammers use. Teach your staff what to look for in new customers and why you do it. Set firm policies about using company email such as restricting use for business use only.
For customers, create informative pages on your web site or publish in your newsletter, tips to fight spam either using tools you have available or other methods. Teach them good emailing habits and also what to do if they are accused of spam.
Although this is a low level form of prevention, when done with other methods you can hope to weed out obvious spammers. Check customer IP’s and domains against blacklists or search in Google or Google Groups. If a domain is not registered, be cautious. When checking up customers, remember to look out for address or telephone number match also. Find out as much about your customers as possible, make sure they check out. Some customers are touchy when you start asking a lot of questions so it’s also good to make known to new sign ups your approval process and why you do it. When explained tactfully, many customers will understand and be glad because they don’t want to be affiliated with spammers any more than you do.
If you currently have instant account activation, you may want to review how effective it is for your business. Spammers love this because they can quickly set up an account, send thousands of spam and be on their way again. By the time you find out, the damage has been done. By all means have a quick and easy account activation procedure but work in a manual approval step.
Technical Set Up
Have SMTP authentication turned on and ensure your servers are not used as open relays. If you have form mail scripts for customer use, make sure you are using a secure one. Certain form mails are easily exploited. Again, educate your customer. If they don’t use a script provided, let them know what to look for in a good form mail script.
Set up clear acceptable use policies (AUP). Many web hosts have also included a stiff penalty for spamming. This is often debated because spammers obviously pay little attention to the law and one would hardly be able to collect the fees since many spammers are located off shore. On the other hand, having stiff penalties could stop customers from developing spamming habits. It also forces the more responsible businesses to carefully review their communications before sending out a mail piece. After all, if you’re a spammer and never got caught, you’ll continue because it cost you nothing. For some excellent AUP examples, find them at Spamhaus.org (http://www.spamhaus.org/aups.html).
Web hosting is a business after all, with bottom lines to watch. The measures mentioned are blanket steps that may not work for all customers. You will have customers you trust with large legitimate mailing lists. Depending how much you value that customer, it’s worthwhile to work with them so you know what is going on. You could also have a modified your AUP for that customer, use your discretion.