Web hosting companies are on the frontline of the fight against spam, both inbound and outbound. Spammers must constantly renew their stock of compromised servers and hosting accounts. Web hosting companies and their clients present a juicy opportunity. Access to a web hosting server means abundant bandwidth and computing resources, and all web hosts find themselves constantly assailed by automated bots looking for vulnerable systems to exploit.
Web hosting companies are in a difficult position because they provide hosting services to users who may not have the technical abilities to properly secure their applications. Hosting providers can secure servers and networks, but all it takes is for a client to forget to update their WordPress installation — a quick exploit leads to the injection of a PHP script and the spam starts flowing.
The web hosting industry is highly competitive, and many hosts walk a fine line between providing a great hosting experience and making a profit. Competition forces margins down, which means any extra costs cut into profit and viability. Customer support is a major cost center — it doesn’t take much to tip an account into the red, and the support costs that accompany spam are often more than enough.
Spam attacks have numerous negative consequences for hosting companies and their clients. For hosting companies that don’t monitor outgoing email for spam, the first they’re likely to know about it is when clients begin to lodge support requests complaining that their email isn’t being delivered. Because shared hosting companies use one IP address to service many hundreds of clients, a single spamming account can lead to mail delivery problems for a huge number of clients hosted on the same server.
When email inbox providers like Gmail and spam blacklist maintainers spot an IP sending spam, they block it, and the block propagates to all major ISPs and inbox providers.
No web hosting company likes to deal with hundreds of their clients clogging up phone support lines complaining that their email has stopped working. Complaints in forums and on social media can damage a hosting company’s reputation. Clients often decide to take their business elsewhere. They don’t care that the hosting company isn’t to blame; they just know that a service they’re paying for stopped working through no fault of their own.
Before anything can be done to mitigate the negative consequences of outgoing spam, web hosting providers need to know that they have a problem client or a hacked account. Waiting until IPs end up on blacklists isn’t a viable strategy. By then, the IP’s reputation is burned along with the account’s domain name.
Outgoing spam filtering benefits web hosts in three main ways:
- When spam is detected in outgoing mail, web hosting companies are immediately informed and given the information they need to find the source.
- Spam never makes it onto the open internet, so IP and domain reputation is maintained.
- Support cost are reduced because clients never have their ability to send email curtailed. In fact, except for the spamming account, clients need never know there was a problem at all.