go to Reviewsgo to Servicesgo to Registered Usersgo to Resource Centrego to AbleStable: Helpgo to About Us
go to AbleStable: Home Articles
go to Search

go to Exhibitions Centre
  The Internet: exploring the world of creative professionals
go to Help
go to Resource Centre
go to Library
go to Articles
go to E-Books
go to Glossary
go to Reviews
go to Web Link
Library > Articles > The Internet > 016

E-mail this web page address to a friend or colleague
Enter their email address below (no record is kept of this action)

How To Deal With Spam: Part 1 | Part 2
Contributor: Andrew Ward

The second part of Andrew Ward's informative article about the world of Spam (unsolicited email).

Heading For Trouble

Understanding headers can be a complex process since it involves unpicking
them to find out where the mail originated - there will be false trails and
unresolvable hosts. The overall objective is to identify the abuse departments of the relevant ISPs and organisations - usually, contactable via abuse@domain - and send them details of the spam and a request to disconnect the user or Web site.

Sometimes the message sent in these circumstances is (incorrectly) referred to as a LART (Luser Attitude Readjustment Tool), a fictional Unix command used to disable or kill the account of a misbehaving user (formed from loser + user). However, reading the headers manually and then looking up the relevant hosts and their owners can be a tedious process. If the only intention is to report the spam, rather than garner the sending host and mail server information to include in filters, then there are automated tools on the Internet to complete this task. One of the best, and easiest to use, is Alternatively, messages with full headers can be forwarded to

However the utmost care should be taken when using automated tools such as
SpamCop. If an ISP receives a complaint about an entirely innocent party then abuse complaints won't’t be taken so seriously in future. The results that SpamCop produces should therefore be carefully inspected before issuing the complaints.

Note too that SpamCop, being an automated tool, isn’t perfect. Sometimes it can fail to detect the originating mail host, and manual work will be necessary to track it down. You'll find some information on deciphering message headers at If you require more detailed reference works, these can be found at the following Web sites:

Remove Spam-Friendly Features

Unfortunately, early mail servers were configured in such a way that anyone outside an organisation could use them to relay mail, thereby helping to conceal the origins of spam. Instructions for configuring sendmail to close open relays, and other measures to help prevent spam, are at

Use External Services

At there are details of the RBL (MAPS Realtime Blackhole List), DUL (MAPS Dial-Up List) and RSS (MAPS Relay Spam Stopper). These are intended for use by ISPs and corporate network administrators to block mail from blacklisted sites, sent directly from dial-up IP addresses, and frpm open mail relays, respectively. The MAPS (Mail Abuse Prevention System) site contains details on how to use these tools with various different mail servers.

The RBL works by creating deliberate network outages. If spam originates from a traceable IP address, and after persistent complaints the ISP has failed to take the appropriate action, then the ISP may find some or all of its IP addresses added to the RBL. Organisations using the RBL can then choose to refuse to accept mail from those IP addresses, or to take whatever action is consistent with local site security policies. Some administrators reject all mail coming from such sites, and some will also direct any traffic destined for such hosts to a local black hole.

Note that use of the RBL (and DUL and RSS) may result in complaints from users that they can no longer receive mail from certain domains, so this rather drastic solution should be used with caution. Both the DUL and RSS are excellent means of cutting down on spam, and can be used in conjunction with the RBL or on their own.

Use Filtering Services

Spam prevention services use a number of different techniques. Filtering is not totally effective because virtually all spammers except the most stupid design their messages to overcome filters, but it can bring about a noticeable reduction in the amount of spam received. Of course, the drawback of an external service is that yet another provider is inserted in the path of incoming mail, which can only increase delays and outages. One service overcomes these problems. Brightmail installs a dedicated server at the customer premises that works in conjunction with the existing mail server. The Brightmail Server houses the collection of rules that filter spam, and these are updated at frequent intervals.

There are also filtering services available for personal use, for example at Similar sites are and also Some filtering services, such as that operated by SpamCop, optionally allow the user to reject all mail that doesn’t come from a pre-approved sender.

Install Filtering Systems

Filtering can be carried out in two ways - either at a point between the Internet connection router and the mail server, or within the server itself. The gateway solution prevents the spam from being transported and housed in the internal network at all, but the mail server solution doesn’t require any additional hardware and provides a central point of management for mail services. Another option is to configure the Internet router itself to ignore mail from IP number blocks that appear in the RBL so the traffic never enters the network at all.

Add-on spam filters available include Spam Assassin from
, Mail Marshal from, and MAIL sweeper from Baltimore Technologies ( In
addition,mail servers can themselves be configured to filter out spam. For example, Sendmail 8.9 and later versions have built-in anti-spam rules, filtering, and the ability to block known spammers and unresolvable hosts. These and other features are explained in some detail on the Sendmail Web site. New versions are detailed at

One user reported that working over 13,051 email messages, Spam Assassin - which identifies spam using text analysis - failed to correctly identify eight out of 253 spam messages, and also reported 12 false positives. Because any filtering tool might sometimes report false positives - that is, report a message as spam when it isn’t - it is important that mail identified as spam is not simply deleted. Instead it should be
put into a holding area where it can be manually inspected by an administrator and forwarded if appropriate. Alternatively, some schemes - such as Brightmail’s - allow individual users to inspect their own “gray mail” for false positives.

Mail Marshal works by filtering on content, using the MAPS RBL, and domain
blocking using domains specified by the network administrator. The Spam Manager and Spoof notifier within MAIL sweeper work by content filtering and detection of email that originates from a source other than the apparent sender, respectively.

How To Deal With Spam: Part 1 | Part 2

Authors background

This article by Andrew Ward first appeared as a guide at Tech Support Alert. In addition to a well respected computer technology bi-monthly newsletter, Ian 'Gizmo' Richards, editor of, provides many useful guides on his site that delve into many technical issues relating to computers.

If you observe inaccuracies in our in-house contributions or wish to contribute an article or review to be included at AbleStable® visit Feedback.

Copyright Notice
Although our contents are free to browse, copyright resides with the originators of all works accessed at AbleStable®, and unauthorised copying or publication of our site contents is strictly prohibited. To use our specially selected premium content go to Content Syndication and Licensing

AbleStable © 2002-2007


 All Material: AbleStable © 2002-2007
go to Frequently Asked Questionsgo to Feedbackgo to Press Centrego to Privacy Statement