Email Forwarders and Spam

Wow, what a week.

One of the many things I do is administer the servers we have that run the web services we host. Those services include website functions, database hosting and of course email.

Website functions include running and maintaining Apache. Because we pay fees to other companies for software and such, we get automatic updates as part of the package. This is great because we, honestly, don't have to do much as far as this service goes.

Database hosting includes making sure MySQL is up and healthy. For the same reasons as above, there isn't much you have to do here; however, backups are even more important for this type of data because it's always changing (whereas your actual code might not be).

Email is a completely different story. Completely. One of the few services that a server performs that relies on everyone playing nice is email. The problem is that not everyone does. Any machine on the internet can be turned into a spam-spewing nightmare for system administrators.

The main way that spam is combated is by using spam filters at the server level. Yes, there are some email clients like Outlook 2003 that have built-in junk mail filters but most spam is blocked by the server so that you don't know about it. On those servers, they use various rules for checking spam. Some might look for the word "viagra" or "free prescriptions" and block email based on that. Some might look at the "From:" and determine if it's a valid address. Some might do a combination of all of that plus thousands of other rules.

The most popular (or annoying, depending on your job title) check is probably the spam blacklist. These are lists that mail servers use to share information with other mail servers about spammers. Your mail server doesn't have to be spammed by a notorious spammer itself in order to know about them. When emails come in, their details are checked against worldwide lists, and the email is sometimes blocked based on that.

Now for the purpose of this article: email forwarders. Almost everyone uses them. If you have a company email address and a personal email address, you often just want your mail in one place so you ask your IT guy to forward your company email to your personal inbox. So, when an email is sent to you, it:

- leaves your friend's computer and heads to their ISP
- leaves your friend's ISP headed for your employer's server
- is received by your employer's server and redirected to your ISP's server
- is received by your ISP's server and made available to you

Great. Easy enough. Like an address change at the post office, mail is simply redirected to a new address. Here's the problem:

- spam leaves spammer's computer headed to their ISP
- spam leaves spammer's ISP headed for your employer's server
- spam is received by your employer's server and redirected to your ISP's server
- spam is received by your ISP's server, seen as spam and blocked/deleted (you never see it)

Sounds harmless until you realize what your ISP is doing. When they get a spam email, they check which server delivered it to them. In any other case (when not using a forwarder), it's probably a server from another country. Eventually, if they get enough bad email from that server, they'll stop accepting email from it altogether. When you use forwarders, though, the email your ISP blocks looks like it came from your employer's server, and they think your employer is the spammer.

Eventually, once enough ISPs block spam emails from your employer's server, that server is reported to the spam blacklists I mentioned earlier. This causes many other servers that use those lists for spam checking to block your employer's emails. Bad news.

This has been my headache this last week. It's not the first time it's happened (in fact, it happened twice this week).

There are 3 possible solutions we're looking at. If you can think of others, please leave a comment on this article:

1) Stop allowing forwarders altogether (or stop allowing forwarders that redirect to remote systems). This fixes the problem altogether.

2) Reconfigure our system to scan forwarded emails before they're sent off. This has proven to be very difficult to do and, since no spam filter is perfect, spam could still get through which could give us a bad name.

3) Use an outside email hosting service that allows forwarders. Fixes the problem altogether (or at least makes it someone else's problem).
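The blame shift described above, and the limit of option 2, as a small added simulation (not from the original post or our servers). The IPs are documentation-range placeholders, and the block threshold and the two keyword filters are assumptions standing in for a real ISP's rules and a real pre-forward scanner.

```python
from collections import Counter

# Constructed sample data: documentation-range IPs, not real hosts.
SPAMMER_IP = "203.0.113.50"
FRIEND_IP = "198.51.100.7"
EMPLOYER_IP = "192.0.2.25"  # the server that hosts the forwarder
BLOCK_THRESHOLD = 3  # assumed: spam count at which the ISP blocks an IP

MESSAGES = [  # (origin IP, body), all constructed
    (FRIEND_IP, "Lunch on Friday?"),
    (SPAMMER_IP, "cheap viagra here"),
    (SPAMMER_IP, "viagra, no prescription"),
    (SPAMMER_IP, "VIAGRA sale today"),
    (SPAMMER_IP, "ViAgRa best price"),
]


def isp_filter(body):
    """Stand-in for the receiving ISP's content rules (keyword match)."""
    return "viagra" in body.lower()


def forwarder_filter(body):
    """Stand-in for an imperfect pre-forward scan: case-sensitive, so it
    misses the obfuscated variants that the ISP's filter still catches."""
    return "viagra" in body


def spam_seen_by_isp(messages, forwarder_ip=None, scan_first=False):
    """Count spam per connecting IP, which is all the receiving ISP sees.

    With forwarder_ip set, every message is relayed by the forwarder, so
    the ISP attributes it to forwarder_ip rather than to the origin.
    """
    seen = Counter()
    for origin_ip, body in messages:
        connecting_ip = origin_ip
        if forwarder_ip is not None:
            if scan_first and forwarder_filter(body):
                continue  # dropped at the forwarder, never relayed
            connecting_ip = forwarder_ip
        if isp_filter(body):
            seen[connecting_ip] += 1
    return seen


def blocked_ips(seen):
    """IPs the ISP would stop accepting mail from."""
    return sorted(ip for ip, n in seen.items() if n >= BLOCK_THRESHOLD)
```

Delivered directly, the four spam messages get the spammer's IP blocked; relayed through the forwarder, the same four get the employer's IP blocked and the spammer's IP is never seen. With the imperfect scan turned on, two spam messages are still counted against the employer, which is the "spam could still get through" risk in option 2.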

I think we're heavily considering option #3 at the moment. More specifically, Google Apps. It would leverage Google's already established Gmail email service (and its spam filters), along with Google's size and scale, to provide a pretty powerful and feature-rich email experience for our clients.

Good luck to any other system admins that are fighting this right now. It's a tough position to be in. Maybe we'd be better off if we hadn't started off offering forwarders to our users, but we did, so here we are. Maybe offloading email to an established service like Google for everyone's email (regardless of forwarder use) would be better for everyone and remove us from this equation.


About this Entry

This page contains a single entry by Troy Davisson published on July 14, 2007 11:27 AM.
