AFA recommendations to fight Spam




In order to effectively fight spam, Internet users must concurrently follow the recommendations below:

1. A residential user's station should be able to send out e-mails only via its e-mail service provider's server.

2. E-mail servers are encouraged to allow the authenticated transmission of users' e-mails from their service on port 587.

These two recommendations, which relate to (non-instantaneous) e-mail service, imply a distinction between exchanges among mail servers on the one hand and exchanges between mail servers and their clients on the other.

The second recommendation should draw the attention of software publishers and hardware manufacturers, whose products should make e-mail tools easy to configure, so that each of a user's e-mail addresses can easily be set up to send on this port.

The use of this port is also highly beneficial to the user, since it enables him to send messages to his service provider's server without modifying the parameters of his e-mail software, irrespective of the network from which he is connected.

These two recommendations aim at preventing residential users from being unwilling spam broadcasters, particularly by protecting them against various types of computer attacks. They assume that e-mail service providers implement the measures necessary to detect spam, which will, as a result, be sent to their servers in greater volume.

3. E-mail service providers can be led to detect abnormal behaviours (virus transmission, mail bombing, massive spamming, etc.) and can then block the account(s) of users whose station exhibits such behaviour.

The purpose of this recommendation is to protect users, in particular through the detection of "zombie PCs", in order to give genuine users back control of their machine. The corruption of a work station endangers the data stored on its hard disk, especially data of a personal nature. It also allows the work station to be turned into a storage space for phishing sites or into a spam-emitting server, both of which endanger the personal information of other users of the network.

4. E-mail servers should have a reverse DNS record for every emitting IP address, including the name of the domain to which an abuse message about this mail can be sent.

5. All e-mail domains should arrange for an e-mail address in the form of "abuse@domain". This address should be a valid one and be processed daily.

6. Webmail service providers should secure their services in order to prevent the automated creation of new accounts.
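As an added illustration of recommendation 3 (not part of the AFA document): because recommendation 2 ties every submission on port 587 to an authenticated account, a provider can count recipients per account in a sliding window and flag accounts that exceed a limit. The log format, the threshold and the account names are assumptions constructed for this example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Hypothetical log format for authenticated submissions on port 587:
#   <ISO timestamp> submission user=<account> nrcpt=<recipient count>
LINE_RE = re.compile(r"^(\S+) submission user=(\S+) nrcpt=(\d+)$")

def flag_accounts(lines, window=timedelta(minutes=1), max_rcpts=100):
    """Return {account: peak recipients in any window} for accounts over the limit."""
    recent = defaultdict(deque)   # account -> (timestamp, nrcpt) still inside the window
    totals = defaultdict(int)     # account -> recipients currently inside the window
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue              # ignore lines that are not submission records
        ts = datetime.fromisoformat(m.group(1))
        user, nrcpt = m.group(2), int(m.group(3))
        q = recent[user]
        q.append((ts, nrcpt))
        totals[user] += nrcpt
        # Drop events that have aged out of the sliding window.
        while q and ts - q[0][0] >= window:
            totals[user] -= q.popleft()[1]
        if totals[user] > max_rcpts:
            flagged[user] = max(flagged.get(user, 0), totals[user])
    return flagged

def sample_log():
    """Constructed sample: 'alice' sends normally, 'bob' behaves like a zombie PC."""
    start = datetime(2006, 4, 26, 10, 0, 0)
    lines = []
    for i in range(5):    # alice: one message every 10 minutes, 2 recipients each
        ts = (start + timedelta(minutes=10 * i)).isoformat()
        lines.append(f"{ts} submission user=alice nrcpt=2")
    for i in range(30):   # bob: one message every 2 seconds, 20 recipients each
        ts = (start + timedelta(seconds=2 * i)).isoformat()
        lines.append(f"{ts} submission user=bob nrcpt=20")
    lines.append("2006-04-26T10:05:00 connect from client.example")  # unrelated line
    return sorted(lines)          # ISO timestamps sort chronologically

if __name__ == "__main__":
    for account, peak in flag_accounts(sample_log()).items():
        print(f"block candidate: {account} ({peak} recipients within one minute)")
```

Counting recipients rather than messages also catches a single account that sends few messages to very large recipient lists.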

Document posted on-line on: April 26, 2006

© AFA 2005