Starting at the Top

By Cameron Sturdevant  |  Posted 2002-08-19


There are several organizations that track spam sources and offer services that block known spamming sites. The MAPS (Mail Abuse Prevention System) and the Distributed Server Boycott List are just two among many such services.

eWeek Labs evaluated MAPS for this report, but all these services work at two levels. First, spammers are reported to the services by people who have received spam from an identifiable relaying mail server. MAPS—which, like most of these, is a nonprofit service—takes care to confirm that the server associated with the IP address is, indeed, supporting spam distribution. If so, the IP address is added to the MAPS database. Second, the MAPS service is integrated into subscribers' e-mail gateways and does a lookup on the origin of each incoming mail message. The e-mail gateway processes mail that is not on the black hole list, and mail that is on the list is acted on by policies that are set up by each subscriber's mail administrator.

We recommend that organizations using a service such as MAPS dump all suspect e-mail in a holding area that is reviewed frequently, especially during the first several weeks after implementing the service.

The priority of the mail reviewer should be to ensure that legitimate e-mail is not being accidentally shunted to the trash. It also helps to track the amount of junk mail that is being diverted from end users to determine if the service is saving the organization money. MAPS' real-time black hole list service costs $1,500 per enabled IP address, which supports as many as 1,000 users.

When using a black hole list, some e-mail administrators may also choose to bounce blocked e-mail back to the sender. This, of course, sends a confirmation to spammers that they have a legitimate e-mail address, making it likely that the e-mail address will receive more junk mail, but it also has the benefit of letting legitimate senders know that their e-mail has been blocked.

We recommend that IT managers bounce blocked messages, particularly at organizations that depend on e-mail to take or confirm orders or that deal in sensitive business information, such as financial or insurance records. Any extra stress on the mail server will likely be offset by the peace of mind that comes from knowing that legitimate senders are being warned that their message didn't get through.
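The gateway-side lookup and the hold-and-bounce policy described above can be sketched as follows. This is an added example, not code from eWeek or MAPS. It assumes the list is published as a DNS zone queried by the common DNSBL convention; the zone name, addresses and messages are constructed placeholders.

```python
import ipaddress
import socket
from collections import Counter

ZONE = "dnsbl.example.org"  # placeholder zone, not a real list


def query_name(ip, zone=ZONE):
    """DNSBL convention: reverse the IPv4 octets and append the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")  # ValueError if malformed
    return ".".join(reversed(octets)) + "." + zone


def dns_is_listed(ip, zone=ZONE):
    """Live lookup: an A-record answer means listed. Any resolver failure is
    treated as not listed, so a DNS outage never silently diverts mail."""
    try:
        socket.gethostbyname(query_name(ip, zone))
        return True
    except OSError:
        return False


class Gateway:
    """Applies the administrator's policy to mail from listed servers."""

    def __init__(self, is_listed=dns_is_listed, bounce=True):
        self.is_listed, self.bounce = is_listed, bounce
        self.holding_area, self.bounced_to = [], []
        self.stats = Counter()

    def receive(self, peer_ip, sender, subject):
        if not self.is_listed(peer_ip):
            self.stats["delivered"] += 1
            return "deliver"
        self.holding_area.append((peer_ip, sender, subject))  # kept for review
        self.stats["held"] += 1
        if self.bounce:
            self.bounced_to.append(sender)  # notify sender of the block
        return "hold"


# Constructed sample data: one listed relay, three inbound messages.
LISTED = {"192.0.2.45"}
SAMPLE = [("198.51.100.7", "orders@partner.example", "PO 1182"),
          ("192.0.2.45", "promo@bulk.example", "Act now"),
          ("192.0.2.45", "claims@insurer.example", "Claim update")]

if __name__ == "__main__":
    gw = Gateway(is_listed=LISTED.__contains__)
    print([gw.receive(*m) for m in SAMPLE], dict(gw.stats), gw.holding_area)
```

The third sample message is a legitimate sender relaying through a listed server: it lands in the holding area, which is the case the mail reviewer is looking for, and the `held` counter gives the diverted-mail figure used to judge the service.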

Probably the biggest disadvantage of the subscription services is that, for the most part, they rely on volunteers to submit information on spammers. Although the lists they maintain are often complete, the services are still responding to general spam instead of taking a tailored, proactive approach to blocking spam.

Cameron Sturdevant has been with the Labs since 1997, and before that paid his IT management dues at a software publishing firm working with several Fortune 100 companies. Cameron also spent two years with a database development firm, integrating applications with mainframe legacy programs. Cameron's areas of expertise include virtual and physical IT infrastructure, cloud computing, enterprise networking and mobility, with a focus on Android in the enterprise. In addition to reviews, Cameron has covered monolithic enterprise management systems throughout their lifecycles, providing the eWEEK reader with all-important history and context. Cameron takes special care in cultivating his IT manager contacts, to ensure that his reviews and analysis are grounded in real-world concern. Cameron is a regular speaker at Ziff-Davis Enterprise online and face-to-face events. Follow Cameron on Twitter at csturdevant, or reach him by email at
