
Securing your systems against abuse by spammers is one of the most basic spam prevention steps you can take. Beyond preventing that abuse, it can also protect your privacy and that of your colleagues or customers. Spammers are even breaking into systems in a targeted way so that they can send from established email service providers' systems: Campaign Monitor attacked by hackers, some accounts compromised.
The United States FTC has a campaign, Secure Your Server, designed to counter spam. Follow the links below to learn about open relays, weak formmail scripts and open proxies and spam trojans, and to get advice about bouncing spam.
- If a mail server can be used to relay email by a third party, it is known as an open relay.
- Open proxies allow anyone to establish a TCP connection to any location via the proxy, effectively hiding the connecting IP address.
- Many widely deployed webform-to-email scripts can be abused to send email to any recipient.
- Learn all about the spambots used to collect email addresses and how to avoid them.
- Phishing uses fake emails and websites to entice a user into disclosing usernames, passwords and credit card details to the scammer.
- Directory Harvest Attacks (DHAs) are carried out against mail servers to acquire a list of users on your server that will accept mail; that list is sold to spammers.
- Using a redirector to track outbound clicks to other websites is quite common. All too often the destination site of the redirector can be changed to an arbitrary site, which may be used by spammers or phishers to cloak their link in apparent legitimacy.
- The default configuration of many domain name servers (DNS) can allow spammers to steal resources from your servers.
- Sending bounces instead of rejecting mail can be a sign of a mail architecture in need of a redesign.
- Fake bounces are a broken solution in search of a problem to solve.
- Several antispam products have insecurities that may have been patched.

If you need network or system security advice, you should hire a competent accredited security consultant. Consumers may find useful advice on the webpages of their ISP, or through a number of respected security websites.
The pages linked above are in no way intended to be a comprehensive guide to system and network security; following the advice given in the pages they link to provides the bare minimum necessary to prevent abuse by most spammers.