One thing everyone at least thinks about at the start of the New Year is making one or more resolutions. New Year’s resolutions are commitments to change behaviours for the better, and they are things most people plan to stick with going forward. I’m not going to ask you to give up soda pop, or to exercise every day, but I am going to suggest thirteen New Year’s resolutions to help stop spam.
1. SPF Hard Fails
We’re going to keep beating this drum until everyone is dancing to the same beat. Configure your SPF records for hard fails so that others can reject spoofed mail that looks like it comes from your domains.
2. Reject SPF failures
And while you are thinking about SPF, configure your edge to reject any email that comes from a source that fails an SPF test. Your users will get less junk, and you will have to process fewer messages through the rest of your filters.
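For resolution 1, the following added example (not from the original article) audits SPF TXT records and reports whether each one publishes a hard fail (`-all`) that a receiving edge can act on. The domain names and records are constructed samples, and the function names are illustrative.

```python
# Added example: audit SPF TXT records for a hard-fail policy.
# All domains and records below are constructed samples.

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_all_policy(txt):
    """Return how an SPF record treats senders that match no other mechanism.

    Result is one of: 'fail' (hard fail, -all), 'softfail' (~all),
    'neutral' (?all), 'pass' (+all or bare all), 'redirect' (policy is
    delegated to another domain), 'missing' (no all or redirect, so the
    default result is neutral), or 'not-spf' (not an SPF record).
    """
    terms = txt.strip().split()
    if not terms or terms[0].lower() != "v=spf1":
        return "not-spf"
    redirect = False
    for term in terms[1:]:
        t = term.lower()
        if t.startswith("redirect="):
            redirect = True
            continue
        qualifier = "+"  # a mechanism with no qualifier means pass
        if t[0] in QUALIFIERS:
            qualifier, t = t[0], t[1:]
        if t == "all":
            # Evaluation stops at the first 'all'; later terms are ignored.
            return QUALIFIERS[qualifier]
    return "redirect" if redirect else "missing"

def audit(records):
    """Map each domain to (policy, ok); ok is True only for a hard fail."""
    return {d: (spf_all_policy(r), spf_all_policy(r) == "fail")
            for d, r in records.items()}

SAMPLE = {  # constructed records
    "hardfail.example": "v=spf1 mx ip4:192.0.2.0/24 -all",
    "softfail.example": "v=spf1 include:_spf.mailer.example ~all",
    "open.example": "v=spf1 a all",
    "noall.example": "v=spf1 mx",
    "other.example": "site-verification=constructed-value",
}

if __name__ == "__main__":
    for domain, (policy, ok) in audit(SAMPLE).items():
        print(f"{domain:20} {policy:10} {'OK' if ok else 'needs -all'}")
```
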
3. Disable VRFY
Spammers still try to get email addresses from systems. One way to stop their recon attempts is to make sure your edge does not support the VRFY command.
4. Tarpit Directory Harvesting Attempts
And then, configure your edge to tarpit or reject connections from any system that continues to try sending emails to bogus addresses or engages in other directory harvesting activities.
5. Block Outbound SMTP
To help ensure that your own users are not a part of the problem, block outbound SMTP at your firewall, and configure your SMTP relays to only accept email from approved internal systems. Relay for any and all that have a legitimate reason to send email out, but make sure that you are aware of any systems that do, and that they are not doing anything you’d rather control through the corporate email system.
6. Configure Sender Limits
Marketing, Sales, and other groups may be tempted to send out emails that wind up looking like spam. One thing you can do to make sure that they don’t start bulk mailing on their own is to limit the number of messages anyone can send in an hour, the number of recipients any one message can be sent to, and while you are at it, put a reasonable file attachment limit on your outbound connections.
7. Confirm Your Distribution Lists
Go through any or all of the distribution lists your company uses, and make sure that they are still valid, and that all addressees still want to receive your messages. While it would be great to have all users opt-in to continue receiving messages, at the very least send out an offer to unsubscribe, and then check all the NDRs you receive to purge invalid recipients.
8. Use Only Opt-In Distribution Lists
And while you are focused on distribution lists, establish policies that your users can only purchase or use opt-in distribution lists to make sure that the people who are being sent your messages really want them.
9. Use Third Party Bulk Mailers
To help protect your systems and networks from being associated with spam, make sure that you send all your bulk email using third party remailer services. They have multiple servers and circuits to handle the load, and if anyone does flag a sender as a spammer, it won’t impact your normal daily email systems.
10. Process Unsubscribe Requests Immediately
One of the best things you can do to maintain good will is to process unsubscribe requests immediately. If someone does click that unsub link, remove them immediately. Don’t ask questions, don’t take two to three weeks, don’t send them another email, or plead with them to stay.
11. Scan Both Inbound and Outbound Mail
When you scan your outbound mail the same as your inbound, you can catch messages that others might flag as spam, and also help protect others from malware.
12. Scrub Your Webpages
13. Implement Contact Forms
You don’t always have to put an email address on your website. Contact forms do a very good job of providing ways for customers and others to send email to your users, without ever having to put an email address online.
And your bonus resolution is simple.
Keep Reading AllSpammedUp.com!
There are two things you can count on when it comes to spam and 2013. The first is that spam won’t be going away anytime soon. The second is that AllSpammedUp.com will keep bringing you the best coverage on spam news, developments, new technologies, and best practices. We’re all about our readers, so if there is something specific you wish we would cover here, leave a comment and let us know what you’d like to see! We’re happy to consider requests.