Reject as much inbound spam as possible
Posted: Thu Feb 13, 2025 9:00 am
For example, if a server at an IP address on an ISP's network is infected with malware that sends spam, the abuse desk should see a surge in traffic from that server. If spam is being sent to a large ISP that provides a feedback loop, or to a honeypot email address owned by a reputation service, the abuse desk should notice an increase in spam in the feedback loops it subscribes to. Advanced users, such as those who run their own mail servers, may also report spam to the ISP abuse contact. Because of these and other resources, the ISP abuse team should be aware of the situation and be able to quickly shut down the infected server to prevent further spam and further risk to innocent users until the server is protected.
Suspected abuse issues at an ISP are handled by the same team that handles regular customer support issues. Effective abuse management requires a different skill set than customer support. The goal of a customer support representative is to resolve problems that customers have when using the service. The goal of the abuse team is to resolve problems that customers cause for the community. Because the two teams have different and potentially conflicting focuses, the abuse and customer support functions should be separated even in small ISPs. A medium or large ISP should have an entirely separate team responsible for security and abuse. This team should liaise closely with the administration and sales departments and be able to terminate abusive customers and prevent repeat registrations of such individuals.
If your current ISP is not handling abuse and security issues properly, consider changing your ISP. You don't want to find out that your email is being blocked because your ISP tolerates spam and abuse on the same network you use. Just like driving a car without insurance, ignoring abuse issues may seem cheaper initially, but may prove extremely expensive in the long run.
The Spamhaus project provides several databases of IP addresses and domains that, if used properly, can reduce the amount of inbound spam reaching mailboxes to very low levels without blocking any significant amount of legitimate mail. If mail volumes are not very high, these databases can be used freely.
However, it is very important to use them correctly. This comes down to:
Use the IP-based SBL, XBL, and PBL databases at the SMTP connection level against the source IP address of the connection (this is the normal use of DNSBLs);
Use the domain-based DBL database at the SMTP level, ideally checking three things: the sender domain (MAIL FROM), the connecting server name given in HELO, and the connecting server name according to reverse DNS. Choose mail server software that supports these checks.
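The checks listed above can be sketched as follows; this is an added example, not code from the original post or from Spamhaus. The zone names zen.spamhaus.org and dbl.spamhaus.org, the treatment of 127.255.255.x answers as query errors rather than listings, and the helper names are assumptions, and the DNS answers are constructed so the sketch runs offline.

```python
import ipaddress

IP_ZONE = "zen.spamhaus.org"      # assumed: combined SBL + XBL + PBL zone
DOMAIN_ZONE = "dbl.spamhaus.org"  # assumed: DBL zone

def ip_query_name(ip, zone=IP_ZONE):
    """Reverse the address (IPv4 octets, IPv6 nibbles) and append the zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")[::-1]
    else:
        labels = list(addr.exploded.replace(":", ""))[::-1]
    return ".".join(labels + [zone])

def is_ip_literal(name):
    """True for bare IPs and bracketed address literals such as [198.51.100.7]."""
    if name.startswith("["):
        return True
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False

def is_listing(answer):
    """Assumed convention: 127.255.255.x reports a query error, not a listing."""
    return answer.startswith("127.") and not answer.startswith("127.255.255.")

def check_session(client_ip, mail_from, helo, rdns, resolve):
    """Return rejection reasons; resolve(name) returns A records or []."""
    checks = [("client IP", ip_query_name(client_ip))]
    sender_domain = mail_from.strip("<>").rpartition("@")[2]
    for label, name in (("MAIL FROM domain", sender_domain),
                        ("HELO name", helo), ("reverse DNS name", rdns)):
        # The DBL lists domains only: skip empty values and IP literals.
        if name and not is_ip_literal(name):
            checks.append((label, f"{name.rstrip('.').lower()}.{DOMAIN_ZONE}"))
    reasons = []
    for label, qname in checks:
        hits = [a for a in resolve(qname) if is_listing(a)]
        if hits:
            reasons.append(f"{label} listed: {qname} -> {', '.join(hits)}")
    return reasons

# Constructed DNS answers (documentation address and reserved names).
FAKE_DNS = {
    "10.113.0.203.zen.spamhaus.org": ["127.0.0.4"],
    "spam.example.dbl.spamhaus.org": ["127.0.1.2"],
    "mail.example.net.dbl.spamhaus.org": ["127.255.255.254"],
}

def fake_resolve(name):
    return FAKE_DNS.get(name, [])
```

In a real deployment `resolve` would be the mail server's own DNS lookup; an error answer for the HELO name, as in the constructed data, should be logged and investigated rather than used to reject mail.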