Saving the Baby
So, the responsible admin can't just "set it and forget it." Legitimate traffic will be lost. But RBLs can still be useful, with some tweaking. MTAs that are RBL-aware can override RBL checks for specific IPs. Users who expect a lot of mail from new and diverse sources, such as a business, can have RBL-flagged messages diverted into a folder for manual review. Of course, this may be more trouble than it is worth.
Extensive use of whitelists is important; it's the best way to ensure that people you want to hear from will be able to successfully get through.
Careful selection of which blocklist to use will save a lot of aggravation. I've found Spamcop's to be reliable, though it's still not quite "set it and forget it." MAPS is rather controversial; a quick Google search will provide hours of entertainment. Spamcop and MAPS both offer paid services.
Some other useful measures:
- Have email addresses that are not blackholed, such as postmaster, so that legitimate users can find you when they have problems.
- Bounce a message explaining that their mail did not get through, and tell what to do about it. Link to a Web-based mail form.
- Include this information on the contacts page on your Web site. Provide a phone number, and be sure the person(s) answering the phone can be helpful.
It's a darn shame that we have to waste so much time and energy managing spam. I am optimistic that someday there will be a good solution...if we can hold out that long.
RFC 821, Simple Mail Transfer Protocol
The Spam Problem: Moving Beyond RBLs
Open Relays Database
Filtering E-Mail with Postfix and Procmail
See All Articles by Columnist Carla Shroder