Spam is Unwelcome Here

Unsolicited commercial email (spam) is not welcome at at any of the domains for which clapper.org handles email. (Currently, those domains are clapper.org and negus.info.) Spam consumes our network bandwidth and computer resources without compensating us for the loss. Spam also wastes the recipients' valuable time, without compensating them for that loss.

(There's additional spam-blocking philosophy in a document entitled "Why I Won't Use SPEWS".)

We Block Spam

In an effort to reduce spam, the clapper.org mail server uses a variety of automatic, software-based anti-spam measures. Because of these software anti-spam provisions, certain incoming mail messages will be rejected by the mail server before being delivered to the intended recipient.

If you think your message has been blocked inappropriately, please forward the message, with all headers, to proprietor @ clapper . org, and we'll try to sort out the problem. proprietor @ clapper . org is exempt from all spam-blocking rules. (You'll need to remove the spaces from that email address.)

Among the spam-blocking tools I use are:

The Spamhaus Block List (SBL), a "realtime DNS-based database of IP addresses of verified spammers, known spam gangs, spam operations and spam support services." See below and www.spamhaus.org/sbl/ for details.

A local blacklist of domains that have sent spam to us before. I use very simple criteria for inclusion in this blacklist:

If anyone at this site receives (and reports) unsolicited email directly from a domain, advertising services provided by that site, and there is no prior business relationship between the recipient and the site, then that domain ends up in my local blacklist.
If anyone at this site receives (and reports) unsolicited email from a site whose business is email or online marketing, then I will place that site in my local blacklist. There are number of companies that do direct email advertising for clients; their web sites will tell you so. If one of them sends a piece of spam to clapper.org, it ends up in my local blacklist.
Once a domain is in this local blacklist, the mail server will reject all subsequent email messages from that domain. If you think your site has been unfairly added to our blacklist, contact me at the email address listed above.

Per-user filtering tools, such as bogofilter and SpamAssassin, which attempt to filter spam into separate mail folders. Together, these tools do a pretty good job of weeding out the spam that manages to get past the spam-blocking rules in my SMTP server.
These measures don't block all incoming spam, but they manage to block a good deal of it. As time goes on, and if the need warrants, I will consider adding other technological spam prevention measures to the clapper.org mail server.

We Report Spam

Despite the spam-blocking measures I've put in place, some spam inevitably leaks through. Where possible, I report spam to the appropriate responsible parties. For instance:

Sometimes, someone sends spam using his or her Internet Service Provider's (ISP's) resources (for example, using a dial-up line, a cable modem connection, or an AOL account). Often, the ISP has an Acceptable Use Policy (AUP), sometimes called a Terms of Service agreement, that prohibits the sending of spam. Where possible, I forward a copy of the spam to the ISP, noting that the customer has violated the ISP's AUP. Sometimes, the ISP does nothing. Sometimes, the ISP warns the customer. Once in awhile, the the ISP will terminate the customer's account.

Occasionally, we receive spam from someone who's misusing an employer's resources. It's pretty clear when that has happened. For instance, if I receive a piece of spam touting the dubious money-making powers of a network marketing scheme, and the spam is routed through the computers of a company that sells software, it's highly likely that someone at that company is abusing the company's computers and Internet connection. After all, what reputable software company is going to risk tarnishing its reputation by permitting its employees to send spam through the company network? When I receive spam of this kind, I forward a copy of the spam to the responsible parties at the company, noting that an employee has apparently abused the company's resources to send spam.

Anti-spam Resources

There are a lot of resources and tools available for combatting spam. The table, below, lists just a few of them. Note that I do not necessarily recommend any of these measures. Even the ones I use might not be suitable for your site. The list also includes several anti-spam solutions that I definitely do not recommend (e.g., SPEWS); those items are still listed in the table, because other Internet sites do use them.

Organizations
www.cauce.org	The Coalition Against Unsolicited Commercial Email, an "ad hoc, all volunteer organization, created by Netizens to advocate for a legislative solution to the problem of [spam]."
www.spamfree.org	The Forum for Responsible and Ethical Email
Education and Information
spam.abuse.net	Explains what spam is, why it's bad, and how to fight it.
ftp://ftp.rfc-editor.org/in-notes/rfc3098.txt	Internet RFC 3098, entitled "How to Advertise Responsibly Using E-Mail and Newsgroups or - how NOT to $$$$$ MAKE ENEMIES FAST! $$$$$". (Of course, it's unlikely that most of the spammers will read this RFC, much less follow its advice.)
www.mail-abuse.org/tsi/ar-what.html	What is a "third-party mail relay?"
www.mail-abuse.org/manage.html	Basic Mailing List Management Guidelines for Preventing Abuse, a guide for those who manage mailing lists.
www.vicomsoft.com/knowledge/reference/spam.html	An interesting FAQ (billed as a white paper) that describes what spam is, outlines its history on the net, and discusses some spam prevention measures. Potentially useful for the uninitiated.
http://www.politechbot.com/p-02827.html http://www.farces.com/farces/999462920/	Some people advocate attempting to forcing spammers into a binding contract for services; typically, these contracts are worded so that the spammer implicitly agrees to pay the receipient for any subsequent commercial email the spammer sends. The first URL at left is a lawyer's description of appropriate contract terms. The second URL describes one individual's attempts to bill spammers.
http://antispam.msexchange.org/	Primarily geared toward users of Microsoft Exchange, this site contains spam-fighting news, links, articles and tutorials.
SpamFAQ.net	A anti-spam FAQ clearing house, of sorts.
Spam Blacklists
www.mail-abuse.org/rbl	MAPS Realtime Blackhole List (RBL). (See Note 1, below.)
www.mail-abuse.org/rss	MAPS Relay Spam Stopper (RSS) (See Note 1, below.)
www.mail-abuse.org/dul	MAPS Dial-up User List (DUL) (See Note 1, below.)
www.mail-abuse.org/rbl+	A MAPS capability that allows subscribers to use a single query to look up an IP address in the RBL, RSS, and DUL databases. (See Note 1, below.)
www.mail-abuse.org/tsi	MAPS Transport Security Initiative
www.ordb.org	ORDB.org is "a non-profit organisation which stores a list of machines which are open SMTP relays. These relays are, or are likely to be, used as conduits for sending unsolicited bulk email. By accessing this list, system administrators are allowed to choose to accept or deny email exchange with these servers." Unlike the MAPS RSS open relay database, the ORDB doesn't require that an open relay actually be caught sending spam; if someone reports that an SMTP server is an open relay, and ORDB can confirm the report, the server is listed in the database (and the server's administrators are contacted).
spamcop.net	SpamCop is a commercial spam-blocking service with a blackhole component. Note: SpamCop may suffer from some of the same problems as the SPEWS blacklist.
www.spamhaus.org/sbl/	The Spamhaus Block List ("SBL") is a list of IP addresses compiled by a team that tracks known spam operations. This team also maintains a Register of Known Spam Operations (ROKSO) database. The Spamhaus SBL block list can be queried via the same DNS-based mechanisms used to query the MAPS list and other blackhole lists. All IPs on the SBL belong to known spammers, spam gangs, or spam support services. The SBL includes IPs from both the ROKSO database and IPs of spam services listed in the Spamhaus database.
www.spews.org	SPEWS is a list of areas on the Internet that several system administrators, ISP postmasters, and other service providers have assembled and use to deny email and in some cases, all network traffic from. The SPEWS list can be queried via the same DNS-based mechanisms used to query the MAPS list and other blackhole lists. Note: I used SPEWS for awhile, but I have decided that its criteria for inclusion is too broad for my tastes; it catches too many innocent bystanders. So I no longer use the SPEWS blacklist. See this article for a more complete discussion of this issue.
www.njabl.org	Another blacklist. To quote from their web site, NJABL is "Not Just Another Blacklist. This effort began out of frustration with the amount of spam coming into our networks and with the lack of options for an existing blacklist with policies and stability we could live with. NJABL.ORG maintains a list of known and potential spam sources for the purpose of being able to refuse email and prevent at least some spam."
www.orbz.org	Another SMTP open-relay database, similar in policy to ORDB. A open relay listed in ORBZ may or may not actually have been used to transmit spam. Note: ORBZ is now dead. See the ORBZ web site for an explanation.
dsbl.org	The Distributed Sender Boycott List (DSBL) is a database of "email servers which are non-secure and potentially servers with dumb and/or malicious users." It's a relatively new list, created in March, 2002. I don't use it and I currently have no data on its reliability.
Anti-spam Configuration for SMTP Servers
www.sendmail.org/antispam.html	How to enable anti-spam provisions in sendmail, a popular UNIX-based Internet mail server
www.summersault.com/chris/techno/qmail/qmail-antispam.html	How to enable anti-spam provisions in qmail, another popular UNIX-based Internet mail server
www.mail-abuse.org/tsi/ar-fix.html	Pointers to instructions on how to disable third-party relaying for many Internet mail server products. Covers Unix-, Windows- and Mac-based servers, as well as other platforms.
Software Tools for Managing Spam
bogofilter	"Bogofilter is a mail filter that classifies mail as spam or ham (non-spam) by a statistical analysis of the message's header and content (body). The program is able to learn from the user's classifications and corrections." I use this tool, along with SpamAssassin, to filter any personal email that makes it past the spam blocking rules in my SMTP server.
procmail	procmail is a general-purpose, regular expression-based mail filter that can be used filter and redirect spam.
SpamAssassin	A rule-based mail filter that identifies spam using text analysis. Once identified, the mail can then be optionally tagged as spam for later filtering using the user's own mail user-agent application. The distribution provides a command line tool to perform filtering and a set of perl modules which implement a Mail::Audit plugin, allowing SpamAssassin to be used in a Mail::Audit filter. I use this tool, along with bogofilter, to filter any personal email that makes it past the spam blocking rules in my SMTP server.
Notes [1] In mid-2001, MAPS went to subscription-only service. They now block queries from non-subscribers. If you're an individual with just one IP address associated with your mail server, you might be able to get an Individual/Hobbyist's subscription, which is free. See http://www.mail-abuse.org/subscription.html and http://mail-abuse.org/feestructure.html for details.

$Id: index.html 6965 2007-08-12 15:27:13Z bmc $