On Fri, Apr 6, 2012 at 1:01 PM, Drew Weaver <drew.weaver@thenap.com> wrote:
So you're suggesting that hosting companies do what?
I believe I'm suggesting you use SORBS as your canary in the coal mine and otherwise ignore them. But if you're asking what hosting companies could do to proactively prevent spamming and make their systems inhospitable to spammers, I might start with blocking non-local outbound TCP 25 by default. Then have the customer fill out and sign a form. Spell out your bulk email policies, have the customer specify which of their IPs will originate email and have them send the form to you signed via U.S. Mail. No "proof" or other major hoops, just sign and mail the form. Unless you're *trying* to run a "bulletproof hosting" system, you'll find the customers who intentionally spam would prefer to stay under the radar. Forcing them to "out" themselves by telling you they intend to send mail from every one of their addresses is often enough to encourage their voluntary departure. And it's certainly enough to tell you *which* among your thousands of customers you should watch to make sure they're not spammers. For the non-spamming customers, you've emphasized that running a well secured email server is a challenge which takes more than clicking install.exe. You haven't told them they can't, but you've spelled out "be careful" in big, bold letters.
And I'm mostly just complaining about senderbase, because they seem to be the one that really large companies reference.
Meh. If you catch them while they're still just annoying SORBS, they'll never make it in to senderbase. Canary. Coal mine. Regards, Bill Herrin -- William D. Herrin ................ herrin@dirtside.comĀ bill@herrin.us 3005 Crane Dr. ...................... Web: <http://bill.herrin.us/> Falls Church, VA 22042-3004