Anti-Spam Toolkit: Network Operators

Why should I be concerned?

  • In 2015, spam consisted of nearly 50% of all email traffic. High spam traffic puts undue strain on network resources.
  • Increased load on ISP mail servers creates higher bandwidth costs for ISPs.

What can I do to reduce spam on my network?

  • Facilitate global operational communication and coordination between yourself and other network operators.
  • Maintain globally accessible up-to-date contact information to ensure your availability in the event spam is originating from your network.
  • Take steps to maintain the security of your Domain Name System (DNS) records. Most spam-related malware crucially relies on DNS.

For more information and tips, see see Operation Safety-Net: Best Practices to Address Online, Mobile, and Telephony Threats (M3AAWG and LAP), Anti-Phishing Best Practices for ISPs and Mailbox Providers (M3AAWG and APWG)

How can I tell if spam is being sent from my network and address the problem?

  • Listen to reports from your Internet service provider or other network operators that spam has been observed coming from your network.
  • Look for unusual activity – e.g. infected machines, which are responsible for the majority of spam, tend to do more DNS queries than uninfected machines.
  • Quarantine or take the infected machine off of the network until the problem is resolved.
  • If an email account has been compromised, contact the account holder to determine the cause and scope of the problem.
  • Make a new strong complex account password.·
  • Filter outbound traffic to better quarantine outbound spam.
  • Utilize a spam filtering mechanism to lower instances of phishing attempts.

For more information, see Vircom’s article How to detect a spammer on your network? What to do about it?

What should I do to help others against spam?

  • Educate your users on phishing attacks and anti-spam techniques.
  • Keep in contact with other network operators concerning spam.

For more information for users, see the toolkit’s User section and for more tips see Vircom’s article How to detect a spammer on your network? What to do about it?

We also encourage all network operators to follow the recommendations and principles of the Mutually Agreed Norms for Routing Security (MANRS) document. While MANRS compliance alone will not reduce the amount of spam on your own network, taking the actions can help reduce some of the overall conditions, such as IP address spoofing, that help spam thrive.