Spam, spam, spam, spam .... not so wonderful or glorious

Definitions of Spam on the Web:

  • To indiscriminately send unsolicited, unwanted, irrelevant, or inappropriate messages, especially commercial advertising in mass quantities. Noun: electronic "junk mail".
  • is unsolicited e-mail. The term spamming is also sometimes used by search engines to mean web sites that try to gain a higher listing by submitting hundreds of almost identical pages or by inserting hundreds of keywords within a web document.
  • Spam refers to electronic junk mail or junk newsgroup postings. Some people define spam even more generally as any unsolicited e-mail. In addition to being a nuisance, spam also eats up a lot of network bandwidth. Because the Internet is a public network, little can be done to prevent spam, just as it is impossible to prevent junk mail. However, the use of software filters in e-mail programs can be used to remove most spam sent through e-mail.

The Australian government has enacted new anti-spam laws, effective 16 July 2006. Read on for more infomation.

This code requires email service providers (like Horizen) :

  • to provide spam filtering options to their subscribers.
  • to tell their subscribers what default filtering of the subscriber’s email the internet service provider or eail service provider does at its own servers.
  • to advise their subscribers how to deal with, and report, spam.
  • to ensure their Acceptable Use Policies prohibit the use of their networks for spamming; and to inform their subscribers to that effect.
  • to comply with all lawful requests of law enforcement and regulatory agencies investigating spam activity.

The code requires internet service providers: (items not relevant are struck through like this)

  • not to have open relay or open proxy servers, and to impose the same obligations on their subscribers through their Acceptable Use Policies. Horizen uses these settings.
  • to retain the right in their Acceptable Use Policies to scan their own networks for subscribers’ misconfigured mail and proxy servers.
  • to ensure their Acceptable Use Policies allow for the immediate termination of connections they host where the connection has become an open relay or open server, either due to intentional misconfiguration or to unintentional
  • infection by a virus or other intrusion (ie. become a zombie).
  • if notified that a subscriber’s account is spamming (eg. because the subscriber’s computer is a zombie), to take reasonable steps to warn the subscriber and offer suggestions on how to correct the problem. The internet service provider may immediately terminate the connection if the problem is serious or continuing.
  • internet service providers using dynamic IP address allocation to use all reasonable efforts to retain records of subscriber allocation for at least seven days.

An internet service provider or email service provider

  • should publish SPF records for each domain administered by it.
  • shall comply with all APNIC requirements for keeping WHOIS data updated, including ensuring that their own internet service provider customers do the same.

In addition, an internet service provider should:

  • impose reasonable limits on the rate at which subscribers can send email (I monitor logs regularly)
  • allow subscribers to authenticate to their mail servers using SMTP AUTH. Subscribers wishing to send email through the internet service provider’s mail server, but who are not connecting through the internet service provider’s network, must be required to authenticate themselves using SMTP AUTH or an equivalent.
  • not distribute customer premises equipment that is configured by default so as to allow remote administration across the internet.
  • prevent automated registration of email accounts.
  • provide reverse Domain Name System (DNS) entries for any server on an internet service provider’s network being used to send email, including those of the internet service provider’s subscribers.
  • where technically and commercially viable, not permit computers at dynamically allocated IP addresses to connect directly via Port 25.


And for more information not in the form of legalese from the statutory bodies :

My best mate Bilbo Bloggins is shocked by the amount of spam that is getting through to me, he gets nothing like this. Have you got a spam filter on your server?

Are your friends Internet server administrators? Are they professional computer consultants? Are they IT experts?

If you needed brain surgery and they gave you opinion about that, would you let them operate on you?

If not, then why are you listening to them about computer related matters ...

It seems that everyone is an expert on sex, politics, religion, driving and now computers ...

Ok I'm being frivolous but read on.
Unfortunately spam is a world wide problem and if there was an easy solution then everybody would be using that solution.

1) I am running several spam & virus filters already, far more spam would be getting through if I wasn't.
- Attachment Filter X. This filter blocks .BAT, .CMD, .COM, .CPL, .EXE, .LNK, .PIF, .SCR and .VBS files, as well as blocking base64 and uuencoded zip files that contain those types of files.
- Bulk Mailer Filter 2 & 3 X. These are filters that check the headers of messages for the signature of 2 common bulk mailer programs.
- Sender Domain Filter. This filter does a check to see if the domain of the sender (MAIL FROM) exists. If it doesn't exist, it is refused.
- see here for more detailed information about these filters
2) I subscribe to 2 spam & virus black lists : NJABL & ORDB
3) I regularly monitor and update anti-spam precautions

I take the attitude that if the server filters out a good message that you want, then that is a problem (called a false positive). I would rather you get some spam than miss out on potential real messages and business opportunities.

Every time I have tightened up on spam with extra filtering, too many false positives occur and people miss out on email. And then people complain that they aren't getting email ...

In the past I have also used these EIMS filters but because of the many poorly run email servers around the Internet I get too many false positives - No Message-ID, Short Host & Space Patrol Filters.

I am testing spamassassin with EIMS currently. This does a LOT of tests to give each incoming email a score that determines the likelyhood of it being a spam. But guess what, spammers read these lists too and try to make their spam get past the tests.

Want to know why you get more spam than Bilbo Bloggins?

If you have email addresses on your web site in plain text / html - these get scanned by spammers and added to their spam lists - you get more spam
If you ever reply to spammers to tell them to stop spamming - you get more spam
If you have an old email address - generally you will get more spam
If anyone who has you on their email address list gets a virus, trojan or malware - you get more spam
If you subscribe to any mailing lists and they sell your email address - you get more spam
If you ever post to news groups - you get more spam
If you have a plain name, obvious or easy to guess email address - you get more spam
If your email is on public display with your DNS / domain name records(as it has to be legally) - you get more spam

Etc, etc, ...

Ultimately the only way to eliminate spam is to :

Not to use the Internet, never check your email, dont have an email or change your existing spam ridden email address. Yes, it's a pain but sometimes there is no other answer. And dont pick an email address like

If you MUST subscribe to then do so with a temporary hotmail / yahoo / google email address. Dont use your real email address, because you are asking for it to get compromised.

Why do people spam? They are under the mistaken impression that spamming can make them money. It takes very little investment to set up a mail server in some remote country and go bananas spamming away.

There are many individual spam solutions for you to use, some are free, some are not. Likely your email client already includes some spam filtering facilities. If all else fails read the manual. Check versiontracker for some help with spam filtering solutions :

Mac / PC

Also do a search in google for spam filter ...

Try here alsofor more information :

To understand more about spam :