What Can A Systems Administrator Do To Control Spam?

A number of technical measures exist which can dramatically reduce the amount of UCE/UBE flowing through a system, and which can make it harder for users to send out spam undetected.

  1. Verify that your servers are secured against third party mail relaying. A mailserver which allows third party mail relaying has the potential to become an unwilling contributor to the spam problem. Servers which are open to third party mail relaying should be fixed IMMEDIATELY. The cost of leaving an unsecured mailserver online may be extensive due to blacklists such as this one.
  2. Monitor postmaster and abuse aliases closely. These are how the internet lets you know you have a problem. Ignoring these aliases, or not configuring them properly, is irresponsible and inexcusable.
  3. Understand your options for controlling access to your mail server. These may include router ACLs, firewalls, packet filtering on the server itself, and rulesets enforced by the mailserver itself, such as sendmail's access_db.
  4. Consider implementing and maintaining a local (private) blacklist for your mailserver(s). This lets you refuse mail from what you consider to be problem areas.
  5. Monitor your mailserver logs for possible problems.
  6. Consider implementing basic checks on the validity of sender addresses. This will potentially stop a lot of spam, as the forged addresses contained in spam are often poorly constructed, and often use invalid domains.
  7. Consider implementing checks on the header of a message for possible indicators of spam. Spamware often adds poorly constructed or obviously falsified headers to messages in an effort to make them seem legitimate. A common example is the addition of X-UIDL headers, which are normally added by POP3 clients when they check mail, and normally aren't present in incoming SMTP mail.
  8. Consider using one or more of the publicly queryable blacklists to block mail, or to add headers which individual users can easily use to block mail.
  9. Consider blocking port 25 at your borders so that all mail must come through authorized mailservers. This will prevent unauthorized mailservers which you may not even know about from creating a spam problem. If you block in this way, consider blocking both inbound (to disable unauthorized mailservers), and outbound (to prevent direct access to outside mailservers).
  10. If possible, provide individual users the means to filter their own mail.
  11. Consider rate-limiting outgoing mail from each user. This won't stop your users from spamming, but it will slow them down, and it will limit the number of spams which can be sent before the problem is noticed.
  12. Deal with spammers on your own system promptly. Users who have recently turned to spam can often be shown the error in their ways and turned away from spam. Hard core spam gangs are uneducatable, and should be terminated on sight.
  13. Encourage your users to report spam to the originating provider promptly if they understand how to trace it. Educate users on how to understand mail headers.
  14. If you don't have ethical objections to doing so, consider using content filtering to detect mail which is obviously spam.
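
The sender-address and header checks from items 6 and 7 can be sketched as a small filter. This is an added example, not code from the original page; the function names, the reasons it reports and the sample message are assumptions, and the sender check is syntax-only (it does no DNS lookup).

```python
import re
from email import message_from_string

# One DNS label: letters, digits, hyphens, no leading or trailing hyphen.
LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")
# Headers that should not appear on mail arriving over SMTP (from item 7).
POP3_ONLY_HEADERS = ("X-UIDL",)

def sender_problems(envelope_from):
    """Syntax-only checks on the MAIL FROM address; no DNS lookup is done."""
    addr = envelope_from.strip().strip("<>")
    if addr == "":
        return []  # the null sender <> is legitimate (bounces)
    if addr.count("@") != 1:
        return ["sender is not a single local@domain address"]
    local, domain = addr.split("@")
    problems = []
    if not local:
        problems.append("empty local part")
    labels = domain.rstrip(".").split(".")
    if len(labels) < 2:
        problems.append("sender domain is not fully qualified")
    if not all(LABEL.fullmatch(label) for label in labels):
        problems.append("sender domain has a malformed label")
    return problems

def header_problems(raw_message):
    """Flag headers that normally only a POP3 client would have added."""
    msg = message_from_string(raw_message)
    return [f"{name} header present on incoming SMTP mail"
            for name in POP3_ONLY_HEADERS if msg.get_all(name)]

def check_message(envelope_from, raw_message):
    return sender_problems(envelope_from) + header_problems(raw_message)

# Constructed sample message, not taken from real traffic.
SAMPLE = (
    "Received: from mail.example.net by mx.example.org\n"
    "From: offers@-bad-.example\n"
    "X-UIDL: 0123456789abcdef\n"
    "Subject: constructed sample\n"
    "\n"
    "body text\n"
)

if __name__ == "__main__":
    for finding in check_message("offers@-bad-.example", SAMPLE):
        print(finding)
```

The findings can be used to reject the message or to add a header that individual users filter on.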