Controlling Spam

David Wartell

As the systems administrator at any organization with a dedicated Internet connection already knows, unsolicited commercial email, or "spam", is a hot topic. Users of your network, your co-workers, your boss, and even the government have something to say about unsolicited email, and none of it's nice. Tools and techniques for defending against spam and keeping it out of your organization's network have been the subject of many articles and books. While this problem definitely deserves the attention it is getting, there is another closely related problem lurking in your network.

This problem is how to stop users on your local network from sending unsolicited bulk email into the wilds of the Internet. Preventing users on your network from sending spam can be tricky. These individuals have already been given some level of trust if they have been allowed to connect to and use the resources of your organization's network. Your mail server has to be open to relaying from these user's computers if they are to send any email at all. And, tricks using reverse DNS lookups to test the validity of these user's hostnames won't do any good, at least if you have your DNS configuration in good working order. To cope with the problem, most organizations just post the industry standard acceptable use policy, maybe even make some users agree to it, and if the agreement is broken, the user's account can be removed to prevent further abuse.

This approach works, but there is a high price to pay. Valuable network bandwidth and CPU time may have already been consumed by tens of thousands of spam emails by the time the complaints start rolling in.