Fighting back against spam

Real-time black hole
(Example products/services: WebShield, AppRiver, IronMail)

Real-time black hole improves on simple blocking by comparing the sender’s domain against a real-time list of known spammers. Products using this methodology frequently scan and block mail at the gateway, thereby preventing spam from ever reaching the email server. When considering using a product or service that employs a real time black hole, it’s important to determine what type of list or lists is used. In most cases, the lists are either comprised of domains or open relays.

Whereas using real-time lists of domains is a very effective method of blocking spam without incurring a high risk of accidentally blocking legitimate email, using lists of open relays is more problematic. An open relay is a mail server that is capable of processing messages where neither the sender nor the recipient is a local user. Open relays are frequently used by spammers to distribute their messages. Not every email administrator is necessarily aware that their server is an open relay; hence blocking open relays could result in a high number of false positives. As general awareness and understanding of spam grows, this could become a more viable method of reducing spam.

RFC compliance
(Example products/services: Alligate, ActiveServers, SpamCop)

RFCs or Request for Comments is a set of standards for communication across the Internet. No one is forced to comply with RFCs, but it’s generally regarded as bad practice not to do so. Some spam services/products offer the ability to block email originating from a domain or IP address that is not RFC compliant. As with open relay real-time blackholes, implementing an anti-spam methodology based on RFC compliance is at high risk for blocking a considerable number of legitimate messages. Again, as awareness of RFC compliance grows, this method will increase in usability.