Web Hosting Talk : Web Hosting Main Forums : Hosting Security and Technology : Diverting Spam before it hits the server?

[webpros]

I’ve got a domain that’s getting in excess of 1 million spam emails per day. None of the mail is going to any particular box. It’s all addressed to fake users so it’s being redirected to /dev/null. My provider is barking (and should be) because a lot of server resources are being used with this spam being sent to /dev/null.

My question: Is there a way to divert the spam away before it hits my domain? Keep in mind there a several users who have live email boxes on this domain.

Thanks for any help or suggestions.

[Whitesell]

Look in to a service that filters the mail before it is delivered to your server. Postini www.postini.com works very well. I have heard of others, but can't remember the names.

[scott79]

check PM

[Dynanet]

If you can get your host to turn on the RBL checks for your domain it would help, specifically the checks for Dynamic IP Ranges as that is where about 80% of the spam is coming from theses days.

I do this for a local ISP and we definitely are blocking a lot more incoming than we accept, this is for a range of about 1400 users. We had no choice in the blocking as his only other option was to build a more powerful server to handle the ever increasing load, he refused because as a dialup only ISP he is actually slowly losing more clients than he signs up as they convert to broadband, and yet his incoming mail traffic has more than doubled since last August.

[dan_erat]

I agree. Configure your MTA to use DNS-based blocking lists (a.k.a. DNSbls or RBLs) to reject the connections before the messages are sent over the wire. Good lists include ORDB, SBL (use the SBL-XBL combo list), and DSBL (there are many more).

[webpros]

Thanks for the input! I'm mulling over my options now.

Just curious, why would someone make an offer on a domain that receives this much spam? What's the motivational factor?

[Dynanet]

Quote:

Originally posted by webpros
Just curious, why would someone make an offer on a domain that receives this much spam? What's the motivational factor?

They may believe the website to go with it will receive a lot of traffic if you're getting 1 million emails a day, or maybe they want a really good spam detector if most of the email is spam, could build a good list of IPs to block.

[scott79]

Using a RBL/ORBs type DNS solution will not solve the server load issue. It might even cause even more than sending those fake users to /dev/null

[dan_erat]

How do you figure?

[scott79]

well, the mail still comes to the server. The MTA does the look up on the RBL/ORB/whatever, and depending on how you have it set up either reject it with a 5XX error or send to /dev/null...which all takes processing and bandwidth.

The solution we use and resell stop that mail from even touching our mail servers and not to mention saves the bandwidth of that potential spam and virus can cause

webpros problem is this domain is getting 1 million messages a day, and the server is being bogged down dealing with those messages. legit or not.

[scott79]

nevermind, I thing I got it all screwed up.

I dont know what I was thinking.

The RBL/DNS solutions reject the messages before they get sent over the wire. I guess my thought process was leaning toward a local ran program on the machine.

my apologies.

[dan_erat]

No, the mail doesn't still go to the server (in most setups). The server rejects it before the content of the message is sent, and nothing needs to be written to the mail queue.

[dan_erat]

Heh, beat me by a minute. :) Sorry, I should have previewed.

[scott79]

no problem, I should have thought it all out!