Thirteen Resolutions for 2013 To Help Stop Spam

One thing everyone at least thinks about at the start of the New Year is making one or more resolutions. New Year’s resolutions are commitments to change behaviours for the better, and they are meant to be things most people plan to stick with going forward. I’m not going to ask you to give up soda pop, or to exercise every day, but I am going to suggest thirteen New Year’s resolutions to help stop spam.

1. SPF Hard Fails

We’re going to keep beating this drum until everyone is dancing to the same beat. Configure your SPF records for hard fails so that others can reject spoofed mail that looks like it comes from your domains.

2. Reject SPF failures

And while you are thinking about SPF, configure your edge to reject any email that comes from a source that fails an SPF test. Your users will get less junk, and you will have to process fewer messages through the rest of your filters.
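For resolutions 1 and 2, an added example (not from the original post) that audits published SPF TXT strings and reports which domains do not yet end in a hard fail (`-all`). The domain names, records and the `audit_spf` and `needs_work` helpers are constructed for illustration; in practice the TXT strings would come from a DNS lookup of each domain you own.

```python
import re

# Maps the qualifier on the "all" mechanism to a policy label.
ALL_POLICY = {"-": "hardfail", "~": "softfail", "?": "neutral", "+": "pass-all"}

def audit_spf(txt_records):
    """Classify a domain's SPF policy from its DNS TXT strings."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return "none"            # no SPF record published at all
    if len(spf) > 1:
        return "multiple"        # more than one record is a permanent error
    terms = spf[0].split()[1:]
    for term in terms:
        m = re.fullmatch(r"([-+~?]?)all", term, re.IGNORECASE)
        if m:
            return ALL_POLICY[m.group(1) or "+"]   # bare "all" means "+all"
    if any(t.lower().startswith("redirect=") for t in terms):
        return "redirect"        # policy is defined by another domain
    return "no-all"              # unmatched senders get a neutral result

def needs_work(zone):
    """Return the domains whose records do not end in a hard fail."""
    return sorted(d for d, txt in zone.items()
                  if audit_spf(txt) not in ("hardfail", "redirect"))

# Constructed sample data: reserved example domains and documentation IPs.
SAMPLE_ZONE = {
    "hard.example": ["v=spf1 mx ip4:192.0.2.10 -all"],
    "soft.example": ["unrelated-verification-token=constructed", "v=spf1 mx ~all"],
    "open.example": ["v=spf1 ip4:192.0.2.0/24"],
    "dup.example": ["v=spf1 mx -all", "v=spf1 ip4:192.0.2.10 -all"],
    "bare.example": [],
    "alias.example": ["v=spf1 redirect=hard.example"],
}

if __name__ == "__main__":
    for domain, txt in SAMPLE_ZONE.items():
        print(f"{domain:15} {audit_spf(txt)}")
    print("fix:", needs_work(SAMPLE_ZONE))
```

Only the `hardfail` result gives a receiving edge an SPF failure it can reject on; `softfail`, `neutral` and `no-all` leave spoofed mail deliverable, and a `redirect` domain has to be audited at its target.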

3. Disable VRFY

Spammers still try to get email addresses from systems. One way to stop their recon attempts is to make sure your edge does not support the VRFY command.

4. Tarpit Directory Harvesting Attempts

And then, configure your edge to tarpit or reject connections from any system that keeps trying to send email to bogus addresses or engages in other directory harvesting activity.
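For resolutions 3 and 4, an added example (not from the original post) that reads SMTP edge log lines and flags client IPs that send several VRFY commands or rejected RCPT attempts within a short window, which is the signal a tarpit rule acts on. The log format, the threshold and window values, and the `harvest_suspects` helper are assumptions made for illustration; adapt the regular expression to your own MTA's log lines.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Hypothetical, simplified log format (not the output of any specific MTA).
LINE = re.compile(r"(?P<ts>\S+) client=(?P<ip>\S+) cmd=(?P<cmd>\w+) "
                  r"arg=(?P<arg>\S+) reply=(?P<code>\d{3})")

def harvest_suspects(lines, threshold=3, window=timedelta(seconds=60)):
    """Return {client_ip: time first flagged} for harvesting-like behaviour.

    A probe is any VRFY command or an RCPT that was answered with 550.
    Lines are assumed to be in chronological order.
    """
    recent = defaultdict(deque)       # per-IP timestamps of recent probes
    suspects = {}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue                  # skip lines in another format
        cmd = m["cmd"].upper()
        if not (cmd == "VRFY" or (cmd == "RCPT" and m["code"] == "550")):
            continue
        ts = datetime.fromisoformat(m["ts"])
        probes = recent[m["ip"]]
        probes.append(ts)
        while ts - probes[0] > window:
            probes.popleft()          # drop probes that fell out of the window
        if len(probes) >= threshold and m["ip"] not in suspects:
            suspects[m["ip"]] = ts
    return suspects

# Constructed sample log: documentation IP ranges and example.com addresses.
SAMPLE_LOG = [
    "2013-01-04T10:00:00 client=192.0.2.44 cmd=RCPT arg=<jon@example.com> reply=550",
    "2013-01-04T10:00:01 client=203.0.113.7 cmd=RCPT arg=<aaron@example.com> reply=550",
    "2013-01-04T10:00:02 client=198.51.100.20 cmd=RCPT arg=<sales@example.com> reply=250",
    "2013-01-04T10:00:03 client=203.0.113.7 cmd=RCPT arg=<abby@example.com> reply=550",
    "2013-01-04T10:00:05 client=203.0.113.7 cmd=VRFY arg=root reply=252",
    "2013-01-04T10:00:10 client=198.51.100.20 cmd=RCPT arg=<slaes@example.com> reply=550",
    "2013-01-04T10:02:00 client=192.0.2.44 cmd=RCPT arg=<john@example.com> reply=550",
    "2013-01-04T10:04:00 client=192.0.2.44 cmd=RCPT arg=<jonn@example.com> reply=550",
]

if __name__ == "__main__":
    for ip, when in harvest_suspects(SAMPLE_LOG).items():
        print(f"tarpit {ip} (flagged at {when.isoformat()})")
```

The sliding window keeps a sender with one mistyped address, or a few bounces spread over several minutes, below the threshold, so only the burst from a single client is flagged.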

5. Block Outbound SMTP

To help ensure that your own users are not a part of the problem, block outbound SMTP at your firewall, and configure your SMTP relays to only accept email from approved internal systems. Relay for any and all that have a legitimate reason to send email out, but make sure that you are aware of any systems that do, and that they are not doing anything you’d rather control through the corporate email system.

6. Configure Sender Limits

Marketing, Sales, and other groups may be tempted to send out emails that wind up looking like spam. One thing you can do to make sure that they don’t start bulk mailing on their own is to limit the number of messages anyone can send in an hour, the number of recipients any one message can be sent to, and while you are at it, put a reasonable file attachment limit on your outbound connections.

7. Confirm Your Distribution Lists

Go through any or all of the distribution lists your company uses, and make sure that they are still valid, and that all addressees still want to receive your messages. While it would be great to have all users opt-in to continue receiving messages, at the very least send out an offer to unsubscribe, and then check all the NDRs you receive to purge invalid recipients.

8. Use Only Opt-In Distribution Lists

And while you are focused on distribution lists, establish policies that your users can only purchase or use opt-in distribution lists to make sure that the people who are being sent your messages really want them.

9. Use Third Party Bulk Mailers

To help protect your systems and networks from being associated with spam, make sure that you send all your bulk email using third party remailer services. They have multiple servers and circuits to handle the load, and if anyone does flag a sender as a spammer, it won’t impact your normal daily email systems.

10. Process Unsubscribe Requests Immediately

One of the best things you can do to maintain good will is to process unsubscribe requests immediately. If someone does click that unsub link, remove them immediately. Don’t ask questions, don’t take two to three weeks, don’t send them another email, or plead with them to stay.

11. Scan Both Inbound and Outbound Mail

When you scan your outbound mail the same as your inbound, you can catch messages that others might flag as spam, and also help protect others from malware.

12. Scrub Your Webpages

Search your webpages for email addresses, and remove them. If you have to display an email address, obfuscate it from automated collection using JavaScript or another method, or use clickable images to make it easy for users but hard for spammers.

13. Implement Contact Forms

You don’t always have to put an email address on your website. Contact forms do a very good job of providing ways for customers and others to send email to your users, without ever having to put an email address online.

And your bonus resolution is simple.

Keep Reading!

There are two things you can count on when it comes to spam and 2013. The first is that spam won’t be going away anytime soon. The second is that we will keep bringing you the best coverage on spam news, developments, new technologies, and best practices. We’re all about our readers, so if there is something specific you wish we would cover here, leave a comment and let us know what you’d like to see! We’re happy to consider requests.

Written by Casper Manes

I currently work as a Senior Messaging Consultant for one of the premier consulting firms in the world. I cut my teeth on Exchange 5.0, and have worked with every version of Microsoft’s awesome email package since then, as well as MHS, Sendmail, and MailEnable systems. I've written dozens of articles on behalf of my past employers, their partners, and others, and I finally decided to embrace blogging and social media, so please follow me on Twitter @caspermanes if you enjoy my posts.


  1. Lisa S. · January 4, 2013

    A very nice list! It is a reminder that no matter how much users know about spam and what legislation exists to prevent it, many of the steps needed to take are at network level and it is the admin who must do them. Thanks for the list, I will definitely try to follow it, though I can imagine how the marketing folks will react to their new limits.

  2. Danessa · January 28, 2013

    The last tip is definitely spot on! Education is definitely such a powerful thing. It gives you something wealth couldn’t have. Anyway, I also like the point about processing unsubscription fast. The truth is I don’t want people to unsubscribe. I guess that’s true to all marketers as well. It usually makes me think I’m doing something wrong in my campaign. On the other hand, it can be quite a blessing, since you’re usually left with more specialized or valuable leads. These are those who are truly interested in what you’re offering and have a higher chance to purchase than those who have unsubscribed.

  3. Chuck · January 28, 2013

    I actually like no. 6, though I have to admit I haven’t thought much about it really. Perhaps it’s because I’m very cautious about the number of times I send an e-mail, as well as its content. So far, no one has accused me of spamming, not even those who unsubscribed to my list. But as my business grows, I’m planning to turn this marketing stuff over. So perhaps setting a limit ensures that even if I am not looking, I don’t have to worry about this spamming thing. It’s the last thing I want my business to be associated with.
