How to Control Outbound Spam

By Desmond Liao

Outbound spam in your network usually indicates a compromised account. Just one compromised account can damage your email reputation and negatively impact the successful delivery of customer email. This can result in customer churn, increased support tickets, and a tarnished brand reputation.

Outbound spam primarily comes from three sources:

Compromised users – legitimate users that have been unwittingly compromised to send spam.

Compromised servers – computers infected with malware and added to spam-sending botnets.

Compromised applications such as WordPress – legitimate sites that have been hacked to send spam.

Common problems associated with outbound spam

Hosting providers may face a number of issues impacting their infrastructure, cost of business operations, and users' level of satisfaction as a result of outbound spam. For example, nearly 40% of hosting providers report that their IPs have been blocked at some point during just the past 12 months.

Blocklists – Spam emitting from your network is an easy way to have your IP address added to an IP blocklist. When your IP address is listed on a blocklist by email receivers, any legitimate email that users are trying to send will not be delivered.

Customer complaints – When email is being blocked, the impact is immediate and will likely be noticed by customers and generate a lot of support tickets.

What web hosting providers can do to control outbound spam

First, every web hosting provider should set themselves up to receive feedback about the email coming from their IP addresses. By receiving feedback and taking action against bad senders, you can defend your IP address reputation and optimize your customers' ability to successfully deliver email:

Monitor Real-time Blocklists (RBLs) – Using a tool such as RBLmon or MxToolbox, receive alerts when your IP addresses appear on an RBL. RBLs are not very granular and lag the abuse significantly, but monitoring them is better than doing nothing, and RBL monitoring is extremely easy to configure if you use a monitoring service. You can even monitor RBLs yourself using an open source tool such as BlacklistMonitor, which provides an easy-to-use Docker container for rapid and easy deployment.

Monitor Spam Traps – Develop your own spam trap network or rent one from Abusix or another reputable spam trap provider; receive alerts when your IPs send email to spam traps and take action against those customers. Spam traps can provide rapid, proactive feedback that lets you know about abuse before email recipients start complaining.

Monitor your Abuse Address – The internet provides you with free feedback on the quality of email coming from your IP address space. Make use of your abuse contact address by feeding abuse emails into a tool such as Abusix or the open source AbuseIO tool, where tickets can be automatically categorized and handled.

Set up Feedback Loops (FBLs) – Larger email receivers such as Comcast and Microsoft let you sign up for detailed feedback reports of spam that their users are seeing from your IP addresses. FBL traffic can be injected into your abuse pipeline via Abusix or AbuseIO and can provide rapid feedback to help you shut down abusive senders rapidly.

If you don't want to monitor blocklists, process abuse feedback data, and build and maintain an overall abuse handling system, there are two alternatives to consider:

Block port 25: If your customers don't need to deliver email, then block their access to send email by default. Many customers don't need email service. Why give spammers the opportunity to send by default when most of your customers won't need this capability anyhow?

Send outbound email through a third-party SMTP relay: Outgoing email messages sent through a service like MailChannels Outbound Filtering are automatically monitored for spam and unusual sending activity before final delivery. Effectively, the entire problem of email delivery is outsourced to someone else and is no longer your problem.

How MailChannels works

Outbound email is redirected through MailChannels via a 'smart-host' relay or cPanel integration.

Behaviour and reputation analysis helps capture obvious spam messages, blocking offending accounts when they send too much email marked as spam or disabling accounts when they send too much in a short time frame.

The integrated content filter helps capture spam, phishing, and other malicious emails.

SMTP traffic is segregated into separate pools of IP addresses: Every outbound message is grouped with related traffic. If a message is determined to be suspicious, it's delivered through a secondary, less reputable IP address pool.

Monitoring of IP reputation: Monitors help notify you when there is spamming activity within your network.

Clean, legitimate email is forwarded on to the email recipients' email servers.
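
Monitoring RBLs yourself, as suggested earlier in this article, comes down to one DNS query per IP address and list. The following is an added example, not code from the article or from BlacklistMonitor; the zone dnsbl.example.org, the 192.0.2.x addresses and the fake resolver are constructed placeholders, and the 127.255.255.0/24 error range follows the Spamhaus convention, which other lists may not share.

```python
import ipaddress
import socket

LISTED_NET = ipaddress.ip_network("127.0.0.0/8")      # RFC 5782 return codes
ERROR_NET = ipaddress.ip_network("127.255.255.0/24")  # error codes (Spamhaus convention)


def dnsbl_query_name(ip, zone):
    """Reverse the address labels and append the list's zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")[::-1]                  # octets
    else:
        labels = list(addr.exploded.replace(":", ""))[::-1]  # hex nibbles
    return ".".join(labels) + "." + zone


def system_resolver(name):
    """A records for name; [] if it does not resolve.

    Simplification: a timeout also returns [] here. A real monitor should
    tell NXDOMAIN apart from a failed lookup.
    """
    try:
        return socket.gethostbyname_ex(name)[2]
    except (socket.gaierror, socket.herror):
        return []


def check_ip(ip, zone, resolver=system_resolver):
    """Return 'clean', 'listed' or 'error' for one IP on one list."""
    answers = [ipaddress.ip_address(a) for a in resolver(dnsbl_query_name(ip, zone))]
    if not answers:
        return "clean"
    # An answer outside 127.0.0.0/8 (e.g. an NXDOMAIN-rewriting resolver) or an
    # error code means the lookup is unreliable, not that the IP is listed.
    if any(a not in LISTED_NET or a in ERROR_NET for a in answers):
        return "error"
    return "listed"


if __name__ == "__main__":
    # Constructed answers standing in for a real DNSBL (hypothetical zone).
    fake = {"25.2.0.192.dnsbl.example.org": ["127.0.0.2"]}
    for ip in ("192.0.2.25", "192.0.2.26"):
        print(ip, check_ip(ip, "dnsbl.example.org", lambda n: fake.get(n, [])))
```

Treating "error" as a separate state matters for alerting: a resolver that rewrites NXDOMAIN, or a list that refuses the query, would otherwise show every IP as listed.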