Having a bad reputation might have seemed cool when you were a teenager, but if your email server has been given a bad rap, it’s definitely UNcool, especially if your business depends on delivering email. Trying to get your reputation back can be time-consuming and costly, so the best approach is to do your utmost not to lose it in the first place.
So how does a reputation go bad?
To paraphrase Monty Python: ‘Spam, spam, viruses and spam.’ In this case, it’s not what goes into your server that counts; what comes out is far more important. If your mail server has been compromised in any way, you’ll soon find other servers refusing to accept your messages. The key to getting and keeping a good reputation is to make sure your server is as secure as possible, and that only authorized – and well-behaved – people are using it.
What to look for
Open relay: You must specify who is allowed to send mail out through your server by locking down relay to only the IP addresses used on your network, by forcing your users to authenticate prior to sending messages (via SMTP Auth or POP/IMAP Auth), or any combination of these methods.
In addition, use SPF [1] records and DKIM [2] to help identify who is using your server address legitimately versus those who are not.
Trusted addresses: Do NOT trust or whitelist your own IPs or domain name(s), or allow your users to trust their own email addresses / domain names. If a spammer spoofs a local address and begins broadcasting through your server, everyone on your system could suffer the consequences.
Scan direction: It is just as crucial to scan outbound mail for spam and viruses as inbound. You cannot trust that your own users will send only legitimate messages, especially when malware is specifically designed to spoof and abuse addresses.
Compromised accounts/passwords: Institute a strict password policy that forces users to a) use a complex structure requiring longer passwords (or passphrases), including upper and lowercase characters and symbols, and b) change them periodically. Which would you rather deal with: the few who grumble about the inconvenience, or the multitudes who will scream about their undeliverable messages?
Backscatter: Make sure your system uses BATV [3] or some other filtering mechanism to properly handle bounce messages due to forged or wrong addresses, improperly configured forwards, out-of-office replies, over-quota or virus notices, etc. In fact, turn all virus notifications off if you still use them because they’re likely to be bogus anyway.
Quota and rate limits: Configure reasonable limits on the amount of outbound traffic allowed per user per day (such as by the total number of messages or recipients) to ensure automatic lock-down when/if an account is compromised.
In addition, keep regular watch on the level of outbound traffic and bandwidth used, to develop a gauge of normal versus abnormal behavior, and investigate any unusual activity immediately.
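An added example (not part of the original article) of the two ideas above: a per-user daily recipient cap with automatic lock-down, and a baseline check that flags abnormal outbound volume. The log format, the user names, the 500-recipient limit and the three-sigma threshold are assumptions chosen for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample data, one line per message: "date authenticated_user recipient_count".
SAMPLE_LOG = """\
2024-05-01 alice 12
2024-05-01 bob 3
2024-05-02 alice 9
2024-05-02 bob 4
2024-05-03 alice 11
2024-05-03 bob 5
2024-05-04 alice 10
2024-05-04 bob 150
2024-05-04 bob 400
2024-05-04 bob 400
"""

def parse(log):
    rows = (line.split() for line in log.splitlines() if line.strip())
    return [(day, user, int(rcpts)) for day, user, rcpts in rows]

def enforce_quota(records, daily_limit):
    """Replay messages in order. A message that would exceed the user's daily
    recipient limit is refused and the account stays locked for that day."""
    sent = defaultdict(int)  # (user, day) -> recipients accepted
    locked = {}              # (user, day) -> recipients refused after lock-down
    for day, user, rcpts in records:
        key = (user, day)
        if key in locked or sent[key] + rcpts > daily_limit:
            locked[key] = locked.get(key, 0) + rcpts
        else:
            sent[key] += rcpts
    return dict(sent), locked

def unusual_days(records, min_history=3, sigmas=3.0):
    """Flag (user, day, attempted) where attempted volume exceeds the mean plus
    `sigmas` standard deviations of that user's earlier normal days."""
    totals = defaultdict(lambda: defaultdict(int))
    for day, user, rcpts in records:
        totals[user][day] += rcpts
    flagged = []
    for user, days in totals.items():
        history = []
        for day in sorted(days):
            spread = max(pstdev(history), 1.0) if history else 1.0
            if len(history) >= min_history and days[day] > mean(history) + sigmas * spread:
                flagged.append((user, day, days[day]))
                continue  # keep abnormal days out of the baseline
            history.append(days[day])
    return flagged
```

With the sample data and a limit of 500, the account "bob" is locked on 2024-05-04 after 150 accepted recipients, and the same day is flagged as abnormal against its three-day baseline.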
DNS verification: Use sites such as DNS Stuff [4] or MX Toolbox [5] to run diagnostics on your DNS server(s) to ensure that everything is properly configured.
Other security options: Use any and all methods of security available on your mail server, including inbound content filtering, RBLs, reputation systems, all connection-level blocking methods – basically every weapon available in your arsenal – to keep as much junk as possible out of your server.
What to do if you become blacklisted
Please don’t assume that your system is tight as a drum and that the problem is on the other end. Nothing is completely foolproof. Run a complete system check on your mail and web server(s) to try to track down and correct any signs of a problem. Then, call the organization that blacklisted you and work with them to resolve any issues. The sooner you get yourself off the list, the better.
After all, your reputation with your own users is just as important!
Sources:
1. Sender Policy Framework: http://www.openspf.org/
2. Domain Keys Identified Mail: http://www.dkim.org/
3. Bounce Address Tag Validation: http://mipassoc.org/batv/draft-levine-batv-03.html
4. DNS Stuff: http://www.dnsstuff.com/
5. MX Toolbox: http://www.mxtoolbox.com/