DreamHost Announcements

The Real Damage From Spam

Anyone who has used email in the last couple of years has probably had to deal with spam at least a little. Most people probably consider it an inconvenience that has to be endured as part of using email. Anyone who has had the same email address continuously for more than a few years probably see it as more than just an inconvenience as you probably receive a couple hundred spam messages a day. You also almost definitely use some sort of filtering system as well, though. I know I personally would be literally unable to deal with my email if I had no spam filtering. I’m probably a bit of an extreme case, but my junk mail filters kept about 850 spam emails from hitting my inbox just yesterday.

The annoyance of dealing with keeping your inbox clean is only a very small part of the spam picture, though. Most of the real pain is felt by companies like us: web hosts, email hosts, and network providers. Spam and its associated problems is something we deal with on a daily basis and many days it is one of our top issues.

Our customers expect us to provide them with a service that’s as hassle-free as possible and that includes the amount of spam they receive in their inbox. The job of deciding what incoming email is spam is difficult because each email recipient probably has a slightly different opinion on the matter. On top of that, a single falsely rejected message is a problem so that must be minimized. To that end, we use a relatively conservative blocklist on all of our incoming email servers. Even with a conservative blocklist like that one, our incoming email servers block about 60% of all incoming email as spam.

Even with a blocklist, a lot of spam still gets through and into inboxes. For instance, my 850 spams from yesterday were all after the 60% that was rejected at the email server level. Following that logic I may have actually been sent a whopping 2125 spams just yesterday! To help catch the rest of that spam, we also have our junkmail filter service. We still have the junkmail filter set to off by default and most of you have not yet enabled it. We don’t know for sure, but we have estimated that it may take more servers to scan all of the email than it takes to deliver all of it to your computers. Right now, we have 3 powerful servers scanning incoming email and we will continue to add more servers as more of you start filtering your email. We’re hoping our estimates are wrong because that would mean it would more than double our cost to provide email to you. We won’t charge you extra for that, of course, so we will be bearing the entire cost.

And that’s not the half of it!

The other side of this coin is spam originating from our servers. As spam filters have become more aggressive and the legal system has begun to tackle the problem of spam, spammers have increasingly been going underground and essentially stealing server and network resources from companies like us to send out their emails. Our own customers do occasionally goof up and send spam, but the majority of the spam comes from hijacked accounts accessed through security exploits in software installed under your websites. We have notified our customers repeatedly about known software security holes, but many of them still do not upgrade. That puts us in a sticky situation as we do our best to never take down a website unless it is absolutely necessary. We have to choose between keeping the website up and running and potentially allowing more spam to leave our network. We have historically risked it and left the website up, but that is fast becoming an option we cannot take.

When a certain amount of email deemed to be spam leaves one of our servers other email providers sometimes decide to begin blocking all email coming from the server. As they are also trying to provide a hassle-free email experience for their users that move makes sense in many cases. It gives us time to determine the source of the problem and clear out the spam so it is not delivered to anybody. That would all be ok, except for the fact that many email providers then refuse to remove the block. We have a very strong anti-spam policy and are very quick to respond to any and all complaints we receive about a spam originating from our system and yet still we are blocked. Some of them tell us they won’t unblock us unless their own customers complain to them about it. That doesn’t seem to be a very customer-focused way to do business to me. Forcing your customers to come to you and complain before you will provide them with a service they are already paying for (email to and from anybody!) is just plain crazy. That’s how bad spam has made things for companies like us and them!

The only option available to us now is to start limiting our own users and their legitimate use of email to protect our network from being blocked by trigger-happy email providers. We have long believed in leaving our system as open as possible so people can use our services in the ways that best meet their own needs, and it is always hard for us to make decisions contrary to that philosophy. Things have changed quite a lot since the days of the happy-go-lucky Internet of yore. There is some interesting looking technology on the horizon that may help the situation but it will be a long time still before anything like that will be truly effective. For now, we’ll just stay in the trenches fighting the noble fight.

About the author

Dallas Kashuba