Starting at the Top
Starting at the Top There are several organizations that track spam sources and offer services that block known spamming sites. The MAPS (Mail Abuse Prevention System) and the Distributed Server Boycott List are just two among many such services.We recommend that organizations using a service such as MAPS dump all suspect e-mail in a holding area that is reviewed frequently, especially during the first several weeks after implementing the service. The priority of the mail reviewer should be to ensure that legitimate e-mail is not being accidentally shunted to the trash. It also helps to track the amount of junk mail that is being diverted from end users to determine if the service is saving the organization money. MAPS real-time black hole list service costs $1,500 per enabled IP address, which supports as many as 1,000 users. When using a black hole list, some e-mail administrators may also choose to bounce blocked e-mail back to the sender. This, of course, sends a confirmation to spammers that they have a legitimate e-mail address, making it likely that the e-mail address will receive more junk mail, but it also has the benefit of letting legitimate senders know that their e-mail has been blocked. We recommend that IT managers bounce blocked messages, particularly at organizations that depend on e-mail to take or confirm orders or that deal in sensitive business information, such as financial or insurance records. Any extra stress on the mail server will likely be offset by the peace of mind that comes from knowing that legitimate senders are being warned that their message didnt get through. Probably the biggest disadvantage of the subscription services is that, for the most part, they rely on volunteers to submit information on spammers. Although the lists they maintain are often complete, the services are still responding to general spam instead of taking a tailored, proactive approach to blocking spam.
eWeek Labs evaluated MAPS for this report, but all these services work at two levels. First, spammers are reported to the services by people who have received spam from an identifiable relaying mail server. MAPSwhich, like most of these, is a nonprofit servicetakes care to confirm that the server associated with the IP address is, indeed, supporting spam distribution. If so, the IP address is added to the MAPS database. Second, the MAPS service is integrated into subscribers e-mail gateways and does a lookup on the origin of each incoming mail message. The e-mail gateway processes mail that is not on the black hole list, and mail that is on the list is acted on by policies that are set up by each subscribers mail administrator.