A mail administrator’s worst nightmare is spam. For a person tasked with ensuring users can send emails to recipients inboxes and ensure the users themselves don’t get junk email, when anything is out of place, one can’t sleep. From bouncing emails to blacklists to user calls when mails aren’t working; the fear one has of going back to work the next morning knowing there’s a spam crisis is real. Or even receiving a call from your boss or a client. So unsettling. Spam has become a multi-million dollar business world wide. Spammers work hard to protect their big money potential and find ways to keep spamming. On the other hand, other organizations make profits by offering solutions that fight spam.
The Spam Challenge explained further.
It is estimated that more than half of email (52.48%) sent world wide is spam email, according to securelist.com. Additionally, even as late as 2018, spammers earn as much as $7000 daily from spam email they send. So you can understand why its such a ‘sweet’ business for some.
From a system administrators point of view, many things cause spam, starting from poorly configured mail servers and servers using obsolete mail software. Sometimes you get a new email admin who is learning how to manage mail servers and bad users out there targeting to exploit these admins. When you find a single mail environment with all these aspects put together, then well over 70% of mail from the server will be spam.
When you send spam, knowingly or unknowingly, your server provider may choose to block your port 25 to prevent mail from going out through their network and worse, your mailing IPs gets blacklisted meaning you cant send emails to most other ISPs. Even if your email is sent, it will be flagged as spam and people wont open it. People trust Gmail when it says your mail is spam. People trust their email clients.
As a mail administrator, you are responsible for ensuring users send mails when they want, users receive emails they expect and they also don’t get junk email they don’t want. In a way, this last task also ensures security for the whole system as its well known that spam is one of the most efficient ways to spread malware and phish against users. So if you fight spam, you are also securing the system.
How to configure your mail server to avoid spam.
To setup an effective mailing system with no outgoing spam and almost near zero incoming spam, you must take into consideration all mailing standards set. This is the first step to ensure your emails get delivered. A simpler way most organizations have opted for is to use premium mail services such as Gsuite, Microsoft Exchange and Office 365. But some organizations still don’t like putting their emails on other people’s hands. Plus it may be cheaper to manage their own server than subscribe for the service.
When setting up a mail server, take note of this to prevent spam from being sent from your server:
- The mail server must follow standards set out in RFCs. See this guide from FastMail for RFCs relating to emails.
- The mail server should be accessed via a secure webserver I.e enable https for the webmail interface. Don’t let attackers get users passwords, they’ll use them to spam.
- Install antivirus and antispam software. Examples of these are SpamAssassin, Amavis ativirus, ClamAV which are all free.
- Separate mail server from web servers. When attackers hack web servers, one of their objectives is always to send spam from that system. Separating mails from web files, hence avoiding the need to install mail software ona webserver, is an effective way to prevent outgoing spam. If not possible, disable some functions such as PHP mail() function to prevent spam from being sent from scripts.
- Set limits per user and per domain for number of emails sent per hour or per day. If a users account is somewhat compromised, maybe they visited a funny site and got malware on their computer and someone is now able to use their SMTP connection to send mails via , say Outlook, you can minimize the effects by setting limits to mails sent per hour.
- Enable SPF, DKIM and DMARC checks. SPF, DKIM and DMARC are DNS records designed to confirm that emails are actually comin from the servers they say they originate from and that the sender is actually the one who sent the email. Add this on your domain to prevent others from being spammed in your name. Let your mail server check this for incoming emails to prevent your users from being spammed.
Like any other industry in the IT sector, Spam is growing fast and will keep changing. But so will the means to fight it. The best chance email administrators have is to keep up with the changes and employ all measures at their disposal to combat spam on behalf of their users. Setting up a robust mail server isn’t always expensive. It just requires skill, which isn’t hard to get, to set up a reliable mailing environment. This actually, is what people sell when they sell email services. They sell a unique ability to ensure your email is delivered and you are safe from spam. We’ll see in this article how to create a proper mail server of your own using free tools.