ISPs Fighting Back
But some ISPs are putting their feet down, attempting to stop the abuse. At the forefront of this effort, defying all conventional wisdom, is AOL. In the 90s, an era of very different circumstances, AOL was the single largest source of spam on the Internet, and the ISPs reputation suffered terribly from it. Now not only AOL users have high-quality spam control, but AOL is perhaps the most active ISP in terms of policing the use and abuse of mail. Consider the rules at AOLs "Technical Standards for E-mail Delivery." AOL makes extensive use of RBL services like MAPS so that they know to block spam from open relays, spambots, systems with unsecured form-mail scripts and other spam sources. They actually use the same services to block spam that comes directly from residential ISP clients that should not be sending mail directly; in other words, if you dont block port 25 yourself, they will do it for you.All of this is intended to use AOLs size and clout to make other e-mail administrators set up and administer their systems properly. In many cases, the reverse DNS requirement, for example, the administrator finds out that he or she doesnt have a reverse DNS because AOL blocks the mail, and the end result is an improvement for everyone. Mail servers should have a reverse DNS if they have nothing to hide. Perhaps not everyone can do everything AOL does. It does, after all, have a proprietary internal mail system. But theres a lot we can learn from its example. Carl Hutzler, until recently in charge of AOLs anti-spam efforts (he has now moved on to a position in engineering and development of AOLs e-mail), has been evangelizing this ethic of responsibility by mail admins, especially at ISPs. Hutzler warns of the lazy approach of relying on filters, as so many ISPs do. Its the easy way out. But anyone with a little experience knows that filters dont even come close to solving the problem, although they can be a useful part of the solution. Ive seen messages with overtly pornographic subject lines and bodies make it through three different Bayesian filters. Spammers know how to play with the content of the message to trick filters. Next page: Port 25, The Nuclear Option
The ISP goes furthermuch further. If the sending system does not have a PTR record (a reverse DNS), it is rejected. If a message contains a hex-encoded URL (like http://%73%70%61%6d/), it is rejected. If more than 10 percent of the sending systems messages to AOL bounce, AOL may reject mail from it in general. If a server rejects 10 percent or more of the bounce messages sent to it, AOL may reject further connections from the server. There are other, similar rules.