Spam, or more accurately Unsolicited Commercial Email, is still on the rise, with some estimates measuring it at 90% of all email traffic. It’s a nuisance for users, a storage nightmare for admins, and often a vector for phishing attacks and malware. Using a defense-in-depth approach, this article provides steps an email administrator can take to protect their network from spam.
Step one-user training
Users should be educated on how their actions can increase or reduce the amount of spam destined for their inbox. Using corporate email for personal use, subscribing to mailing lists, registering their email address for promotions and giveaways, and forwarding chain mails are all vectors that can lead to spam. Consider disabling HTML support to prevent downloads that can confirm an address is valid, as well as to reduce the risk of email-based malware.
Step two-web content
Step three-tighten up your SMTP gateway
Disabling the verify command (VRFY) on your SMTP gateway makes it that much harder for spammers to check for valid email addresses. If supported, implement a delay before your server responds to a connection with its banner. Legitimate email servers will wait for the 220 response before trying to send email, while many programs/scripts used by spammers will not. Your server can then drop email from the misbehaving sender. If your SMTP gateway supports QUIT detection, configure it to drop email that it receives from hosts that don’t close the session properly. Legitimate email servers end a session with the QUIT command, but many programs/scripts used by spammers don’t.
Step four-Check for MX and SPF records
Email servers that can receive mail should all have valid MX records in DNS. Those that send email should also have SPF records. Sender Policy Framework (SPF) records are TXT records in a DNS zone that list the servers authorized to send email on behalf of a domain. Configure your SMTP gateway to check for MX and SPF records when accepting an email, to verify that the sending domain of the from address matches what is in DNS. You may have to soft fail some messages until SPF gains in popularity, but this can help later lines of defense to identify spam.
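The check described in step four, as an added example that is not from the original article or any gateway product: it reports whether the sender's domain has an MX record and what its SPF record says about the connecting IP. The zone data is constructed, the function names are hypothetical, the sender address is assumed to be the envelope sender, and only the ip4, ip6, mx and all mechanisms are evaluated.

```python
import ipaddress

# Constructed DNS data (documentation ranges); a real gateway would query DNS.
ZONE = {
    "example.com": {"MX": ["mail.example.com"],
                    "TXT": ["v=spf1 ip4:192.0.2.0/24 mx -all"]},
    "mail.example.com": {"A": ["198.51.100.10"]},
    "example.net": {"MX": ["mx.example.net"],
                    "TXT": ["v=spf1 ip4:203.0.113.5 ~all"]},
    "example.org": {},  # no MX and no SPF record
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def lookup(name, rtype):
    """Stand-in for a DNS query against the constructed zone."""
    return ZONE.get(name.lower(), {}).get(rtype, [])

def spf_result(domain, client_ip):
    """Evaluate the ip4, ip6, mx and all mechanisms of the domain's SPF record."""
    records = [t for t in lookup(domain, "TXT")
               if t.lower().split()[:1] == ["v=spf1"]]
    if not records:
        return "none"
    if len(records) > 1:
        return "permerror"            # more than one SPF record is an error
    ip = ipaddress.ip_address(client_ip)
    for term in records[0].split()[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        name, _, arg = term.lstrip("+-~?").lower().partition(":")
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name == "mx":
            hosts = lookup(arg or domain, "MX")
            matched = any(client_ip in lookup(h, "A") for h in hosts)
        else:
            return "permerror"        # mechanism outside this example's subset
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"                  # nothing matched and no "all" term

def check_sender(mail_from, client_ip):
    """Return (has_mx, spf) for the domain of the sender address."""
    domain = mail_from.rsplit("@", 1)[-1]
    return bool(lookup(domain, "MX")), spf_result(domain, client_ip)
```

A result of (True, "softfail") is the case the article suggests accepting for now and passing on to later filters, while (False, "none") marks a sender domain with neither record.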
Step five-Configure limits on your incoming SMTP gateway
Configure your email se...