Bart Shaefer, CTO of iPost, pinpoints a major step any web host can take to keep spam from becoming a problem. "The first and most important thing Web hosting vendors should do is perform due diligence checks up front -- before agreeing to provide service." He should know how important that is; his company serves other firms that send legitimate opt-in-only mailings, and it handles huge volumes of email.
So how do you perform due diligence? You can start by doing the same things you might do to check a prospective employee -- use Google or another search engine to see what you can learn about the person and his or her company. Don't skip over doing a credit check; spammers often have no credit or bad credit. But this is just the beginning.
Check your customer's IPs and domains against black lists; there are many public ones you can use. Be wary if a domain is not registered. Check for address and telephone number matches. Since customers can get a little touchy when you ask a lot of questions, make it clear why you're going to so much trouble. Legitimate customers don't want to be associated with spammers any more than you do!
One source you should go to when checking out your customers is the Spamhaus Project (www.spamhaus.org). Among other things, this organization maintains the ROKSO database: the Registry of Known Spam Operations. Spammers on this list have lost their accounts with at least three ISPs for spam-related offenses. These people are hard-core; just 200 "spam gangs" send 80 percent of the spam received by Internet users in North America and Europe, and most of them are listed in the ROKSO database, according to Spamhaus. To quote the organization's web site, "The vast majority of those listed here operate illegally and move from network to network (and country to country) seeking out 'spam-friendly' Internet Service Providers ('ISPs') known for lax enforcing of anti-spam policies...These are the spammers you definitely do NOT want on your network."
Google Groups is another place to check; specifically, search the news.admin.net-abuse newsgroup. But use it carefully. Many postings aren't real; they're forgeries designed to hurt legitimate parties, sometimes created by spammers in an attempt to shift the blame from those who are truly at fault. Also, make sure you don't confuse spammers with those who have received spam and are simply reporting an offender.
No comments:
Post a Comment