Web Hosting Talk







View Full Version : Preventing Spammers


Jake29
03-18-2002, 05:44 PM
I am very interested in any advice that I can receive about how to avoid inadvertently hosting spammers. Preferably I'd like to be able to limit the amount of email sent per day (200-500 or so seems to be a reasonable cap to me). Is there an MTA that handles this particularly well? Are there any 3rd party solutions that you would recommend?

Jake

decebal
03-18-2002, 05:47 PM
I'm interested in it also. Spammers make me sick only thinking about them.

If someone has an answer cw will love it and many others, including me.

It will be nice to limit the number of messages in one mail / in an hour / in a day and so on. It will make the SMTP administrators' nights more peaceful.

Looking forward ... :cool:

inkhead
03-18-2002, 11:15 PM
There is no magic tool to stop spammers. You have to proactively monitor and maintain. I read somewhere that earthlink has a staff of over 100 that do nothing but block spam, and they can barely keep up.

Putting software in place to stop spam is like building a secure prison then expecting to not need any guards. For spam control to be effective you have to constantly follow up on what's going on. It's a game, spammers are very quick to learn a new technique that you won't catch, you just have to be one step ahead. It's all about cops and robbers. Good Luck.

akashik
03-19-2002, 03:31 AM
Agreed. Keeping an eye on the shop is probably your best way to stop them. The catch 22 of course is you'll only really find out once they fire off a salvo, but you can rest assured you'll know from others pretty quickly in the form of complaints. A swift boot off the server and an e-mail stating the TOS violation and you're rid of them.

We had one a few months ago whose total account time with us was around three hours from confirmation of CC details to banning.

Greg Moore

Kulman
03-19-2002, 05:49 PM
Originally posted by inkhead
Putting software in place to stop spam is like building a secure prison then expecting to not need any guards.

well said ))

jic
03-19-2002, 06:11 PM
Jake,

By limiting your customers you could easily be hurting them in the long run. I have several customers who maintain lists of email addresses that exceed 10,000 and even one guy who has a list of his contacts that is over 150,000 whom they mail at least once a month. Just make sure the IPs of your boxes resolve back to the right hostname and register your email addresses with abuse.net so the spamcop.net complaints come back to you and not your uplink or the owner of your IP block.

Kulman
03-19-2002, 06:24 PM
SMTP authentication helps a bit

Annette
03-20-2002, 05:43 AM
It's very difficult to completely combat spammers. Every host with more than a handful of clients has probably been hit and for the others it's just a matter of time. Like James, I would recommend against setting up any limitations on the total amount of mail that a user can send. We also have clients with very large mailing lists who would be firing off a ticket if the list suddenly stopped sending in the middle of a run.

To ease the odds that a spammer will be able to get anything done on your system, though, there are other things you can do.

- Screen all orders. Compare a submitted domain order to well known lists such as those at Spamhaus (http://www.spamhaus.org). If you capture IPs, do a quick check to compare the originating IP with the stated address of the user. If the domain is not registered, does it look like something that would be related to MMF schemes or set off any warning bells for you? We've denied orders on all three points and been happier for it, based on followup research.
- Screen your system, assuming you are on a dedicated server. There are scripts you can run to detect filenames of well known spam scripts. Run them on a regular schedule and take the time to look at the output. If you find anything before a spammer gets things fully set up, you can lock out the account, investigate the contents of their directory structure, and then ask them why those files are there. If they have already started a run, it's simple enough to terminate their account(s) and kill their processes. Turn on SMTP authentication if you haven't already to avoid spammers from using you as an open relay and to prevent yourself from winding up in sysadmins' blacklists.
- Screen your AUP. Make sure that it has very stringent penalties for spamming. Always follow it and never make exceptions. The best defense against spammers coming to you is getting the word out that they won't be tolerated and that you take very quick action against them.

bert
03-20-2002, 03:46 PM
I agree with most of you on almost everything; however I don't think that screening orders helps. Don't get me wrong, of course screening is a good practice and it does help to prevent spam and fraud, however not long ago we had a signup that looked pretty legitimate, but the AVS did not match, so I went ahead and called the customer, he apologized, saying that he had provided his business address and that the card's billing address was his home address, he gave me his home address, I then ran the card to get an approval for $1.00 just to verify the address and it came back with a positive AVS match. Guess what? 24 hours later the guy had already sent about 100,000 messages. This tells me that no screening in the world would catch these guys. This guy was there, he answered the phone, the IP traced to the location of his address, the AVS matched, I even spoke with him on the phone! And yet he was a despicable crook.

Running scripts that will monitor files is a good thing, we actually run filemonitor and then have it send the results to an email address every 12 hours, it does help a lot. By the way, thanks Annette for recommending the script :)

Good luck to you all !

Annette
03-20-2002, 04:20 PM
Nothing is foolproof. Screening the orders helps knock out those more obvious items that might cause headaches down the line. Personally, I love the ones we receive that claim to be in the midwestern USA but which list usernames that are obviously related to their actual country of origin (usually southeast Asia).

Good news on the script. Glad you found it useful. If we had found that one before writing up our own we could have saved some time.

priyadi
03-20-2002, 09:52 PM
What about blocking every outgoing email for the first few days of an account? This will catch most spammers.

bitserve
03-21-2002, 04:36 AM
I think that we're definitely going to be adding a high monetary penalty/fee for sending spam from our servers to our TOS.

Then when we verify that they're in the US and are a real person, like bert has done, we will just send them a bill, and start pursuing them for the debt all the way to court if need be.

What do you guys think is fair? $500? $1000? $5000 maybe?

bert
03-21-2002, 09:41 AM
Originally posted by bitserve
we're definitely going to be adding a high monetary penalty/fee for sending spam from our servers to our TOS

I really wish this was possible. You can try, but I guarantee you, you will not collect. You will spend more money trying to collect though :(

Omair Haroon
03-21-2002, 03:30 PM
Originally posted by jic
register your email addresses with abuse.net so the spamcop.net complaints come back to you and not your uplink or the owner of your IP block.



How to do it?



Salam,
-Omair

bitserve
03-21-2002, 05:12 PM
Originally posted by bert
I really wish this was possible. You can try, but I guarantee you, you will not collect. You will spend more money trying to collect though :(

I'll let you know if it works. :)

bert
03-21-2002, 05:16 PM
Originally posted by bitserve


I'll let you know if it works. :)

I really hope you never have to use it though ;)

Annette
03-21-2002, 09:07 PM
Originally posted by Omair Haroon

How to do it?

Salam,
-Omair

http://www.abuse.net/addnew.html

Omair Haroon
03-22-2002, 05:47 AM
Thanks for the link Annette!



Salam,
-Omair

priyadi
03-22-2002, 05:50 AM
Originally posted by bert


I really wish this was possible. You can try, but I guarantee you, you will not collect. You will spend more money trying to collect though :(

If that's the case, then the fee is not high enough. Simply raising the penalty solves the problem. I think $30/spam message is a good figure. If a single spammer sends 1000 spam messages from your server, he owes you $30000. Wouldn't that be enough? No? If he sent only 10 spam, don't bother collecting though, simply boot him off the server.

reisve
03-22-2002, 10:20 AM
Hi guys

I'm new here (sort of) but I've been reading almost all forums. I'm planning a reseller business, so... ;-)

Anyway, I learned that the two most used send mail programs are sendmail and qmail. I did a little research and both are free (am I wrong?). So why not get those guys that wrote sendmail and qmail to implement a feature on those packages to limit the amount of e-mail notes a single user (the sender) can send per day. This would solve the spam problem (I would hope).

Virginio
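
The per-day limit discussed in this thread, combined with the "first few days" idea and the objection about large legitimate lists, as an added example that is not from any poster and is not a sendmail or qmail feature: a daily recipient cap applied only while an account is new, with over-cap messages held for review rather than dropped. The log layout, account names, signup dates and the 3-day probation window are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log: "<ISO timestamp> <account> <recipient count>" per message.
# This layout is an assumption, not sendmail's or qmail's real log format.
SAMPLE_LOG = """\
2002-03-20T09:00:00 oldlist 6000
2002-03-20T09:05:00 oldlist 6000
2002-03-20T10:00:00 newacct 150
2002-03-20T10:01:00 newacct 150
2002-03-20T10:02:00 newacct 150
2002-03-20T11:00:00 smallbiz 40
2002-03-21T10:00:00 newacct 20
"""
# Constructed signup dates; in practice these come from the billing system.
ACCOUNT_CREATED = {
    "oldlist": datetime(2001, 6, 1),
    "newacct": datetime(2002, 3, 20, 7, 0),
    "smallbiz": datetime(2002, 3, 1),
}
DAILY_CAP = 300                 # inside the 200-500 range proposed above
PROBATION = timedelta(days=3)   # assumed length of "the first few days"

def parse_log(text):
    """Yield (timestamp, account, recipients); malformed lines are skipped."""
    for line in text.splitlines():
        parts = line.split()
        try:
            ts, account, rcpts = parts
            yield datetime.fromisoformat(ts), account, int(rcpts)
        except ValueError:
            continue

def apply_policy(events, created, cap=DAILY_CAP, probation=PROBATION):
    """Return (held, totals): held messages, accepted recipients per (account, day)."""
    totals, held = defaultdict(int), []
    for ts, account, rcpts in sorted(events):
        key = (account, ts.date())
        born = created.get(account)
        # Accounts with no signup record are treated as new (fail closed).
        on_probation = born is None or ts - born < probation
        if on_probation and totals[key] + rcpts > cap:
            held.append((ts, account, rcpts))   # queue for manual review
            continue
        totals[key] += rcpts
    return held, dict(totals)

if __name__ == "__main__":
    held, totals = apply_policy(parse_log(SAMPLE_LOG), ACCOUNT_CREATED)
    print("held for review:", held)
    print("accepted per account/day:", totals)
```

The established `oldlist` account sends 12,000 recipients untouched, while the third burst from the hours-old `newacct` is held; the per-day totals still give an operator something to read for accounts past probation.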