When we try to restrict spam, the main problem is that it is difficult to
discriminate between spam and normal messages. It is especially difficult to
find this difference before the message has been received. Many popular
methods are in reality inadmissible because, when we use them, we lose good
messages. For example, checking the SPF (spf1) DNS record proves useless
because many popular Internet mail services (like GMail, HotMail, etc.)
allow messages to be sent from all IP addresses. And that is right: each
user can send messages through the SMTP server of his provider, or through
his own office SMTP server. In companies, allowing messages to be sent
through the office SMTP server only is one way to protect the network from
internal spamming; sometimes users (beginners or just careless ones) run a
virus or a bad program that sends spam.
A popular method is using DNSBL servers. This method can really work well,
but the big problem is finding good DNSBL servers. Once I myself (my IP
address) was included in a DNSBL list because somebody in my provider's
subnet sent spam. Owners of DNSBL servers frequently add a full subnet to
the list instead of only the spammer's address. This is very wrong.
Usually the provider gives its IP addresses to different independent
organizations and private persons. If one of them runs a virus, that is no
reason to block them all. To exclude the risk of losing an important
message, my program provides the possibility of checking DNSBL servers from
the gray list. If any condition from the gray list is true, the server does
not receive the message immediately, but it remembers the attributes of the
message and will receive it the next time, after some time has passed. (If
you choose the option, the server checks whether the sender's SMTP server is
valid, and if it sent this message, the message is received immediately.)
Not all spam programs repeat sending to the same address, and usually by
that time the spam activity has been detected and blocked by the network
administrator on the sending side. The gray list makes it possible to
restrict a big part of spam and excludes the risk of losing messages, but
some spam messages may pass.
Another method, not very popular yet but in my opinion the most effective
one, is using fake addresses. Spam is easy and cheap because a primitive
robot can scan the web, find e-mail addresses on the pages, and build a
database of e-mail addresses. The idea of the protection is to publish fake
addresses in invisible areas of the pages. List these addresses in the SMTP
server options, and when somebody tries to send a message to one of them,
the server will be sure that it is a spammer; the IP will be added to the
internal bad list and blocked. The built-in DNSBL server can also publish
the internal bad list for other servers. Using fake addresses and
exchanging information about spammers' IPs between a few servers can very
strongly reduce the amount of spam.
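
The gray-list and fake-address checks described above can be sketched as one
decision made when a recipient is named. This is an added example, not code
from the program this page describes; the class and parameter names, the
300-second delay, the (IP, sender, recipient) key and the sample addresses are
assumptions, and the optional sender-server check is not modelled.

```python
import time


class RcptPolicy:
    """Gray list plus fake-address (trap) policy, decided per recipient."""

    def __init__(self, trap_addresses, min_delay=300, clock=time.time):
        self.traps = {a.lower() for a in trap_addresses}
        self.min_delay = min_delay   # seconds a retry must wait (assumed value)
        self.clock = clock           # injectable so the delay can be simulated
        self.bad_ips = set()         # internal bad list
        self.first_seen = {}         # (ip, sender, rcpt) -> time of first attempt

    def check(self, ip, sender, rcpt, gray_hit):
        """Return an SMTP reply code: 250 accept, 451 retry later, 550 refuse.

        gray_hit is True when any gray-list condition matched, for example
        a listing on a DNSBL that is trusted only as a hint.
        """
        rcpt = rcpt.lower()
        if ip in self.bad_ips:
            return 550
        if rcpt in self.traps:
            # The address exists only in hidden page areas, so it was harvested.
            self.bad_ips.add(ip)
            return 550
        if not gray_hit:
            return 250
        key = (ip, sender.lower(), rcpt)
        now = self.clock()
        first = self.first_seen.setdefault(key, now)  # remember message attributes
        if now - first >= self.min_delay:
            del self.first_seen[key]
            return 250
        return 451                   # temporary failure: a real mail server retries


def demo():
    """Constructed sample traffic with a simulated clock."""
    t = [0]
    p = RcptPolicy(["trap@example.org"], min_delay=300, clock=lambda: t[0])
    msg = ("192.0.2.10", "alice@example.net", "bob@example.org", True)
    codes = [p.check(*msg)]          # first attempt from a gray-listed IP
    t[0] = 60
    codes.append(p.check(*msg))      # retried too early
    t[0] = 400
    codes.append(p.check(*msg))      # retried after the delay
    codes.append(p.check("198.51.100.7", "x@example.com", "Trap@example.org", False))
    codes.append(p.check("198.51.100.7", "x@example.com", "bob@example.org", False))
    return codes
```

A long-running server would also expire old gray-list entries so the table
does not grow without bound; that is left out here.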