Spam, Blacklist, problems ?

[winging]

I have two concerns after reading these forums.

1. My current web hosting company (but ending soon) has some spam filters in place, but large quantities still make it into my mailbox. About 9 months ago, every email account hosted by the firm was hit with thousands of emails per day. It took them weeks to get filters that worked properly. The Hostgator forums imply that each web site is on it's own to filter spam. What happens if thousands of email hit a range of IP addresses? Has this type of spam attack happened here? Is there no 'protection' offered?
2. What if a range of IP addresses a black-listed because of one of your 'neighbors' on a shared server. We are a non-profit and our email (though small in volume) is critical to our operation. How do you aviod putting your site in jeapordy? Have you seen this happen? How can you correct it if it does happen?

Thanks for you responses

[Nashville Guy]

I do quite a bit of work for a "Not for Profit" state agency. The answer for us was to host our own email in-house.

There are a number of things you can do on a hosted account to make sure that your site (scripts) are not sending spam. There are also a number of things you can do in-house to make sure that sending SPAM is not happening via your local PC's (such as anti-virus programs, etc). The reason I bring this up first is the matter of having your email domain listed in an RBL like SORBS or SPAMHAUS. NOT getting email has always been my concern versus getting SPAM, which is just an annoyance in comparison,

As for receiving SPAM, it is more or less up to you to tune your settings to filter out the crap. This is true whether you host your own email or not. For my "Not for Profit", I use a Barracuda in conjunction with a Novell Groupwise server. This combination works really well for us and blocks virtually all spam and UBE (and viruses!). There are a ton of other methods though, including Spam Assasin, which is an option via your Hostgator account. Spam Assasin is a built-in feature of a Barracuda, just so I don't seem to be advocating a single solution.

If cost is more of an issue than "mission critical", there are a number of threads open here that can help guide you in dealing with this issue. Hostgator is a mature company with solid techs. The community here on the message boards also offers some fine assistance. I am sure you have read enough to know who is who.

I have no issues AT ALL paying for someone to maintain a well configured, security minded Apache installation. Hostgator does that in spades. But when it comes to email, I handle that in house. That has not always been the case, but past experiences have shown me that mission critical apps requiring solid uptime are best handled at home.

I trust all of my http traffic to Hostgator no question. As for email? I trust my commercial solution more. Downtime on a shared server due to load or other reasons is not an issue. But cost is always a valid reason for making an IT decision.

Measure twice, cut once.

[Serra]

Quote:

Originally Posted by winging

I have two concerns after reading these forums.

1. My current web hosting company (but ending soon) has some spam filters in place, but large quantities still make it into my mailbox. About 9 months ago, every email account hosted by the firm was hit with thousands of emails per day. It took them weeks to get filters that worked properly. The Hostgator forums imply that each web site is on it's own to filter spam. What happens if thousands of email hit a range of IP addresses? Has this type of spam attack happened here? Is there no 'protection' offered?

HG currently uses Spam Assassin. There are a lot of features that account owners can adjust.

To my knowledge that type of spam attack has never happened or was never discussed here. HG is very good about handling problems like that. I suspect that it should have been handled by reporting the spammer and having them blacklisted, not by adjusting filters.

Quote:

Originally Posted by winging

What if a range of IP addresses a black-listed because of one of your 'neighbors' on a shared server.

\

As we say in the for-profit world, you're screwed. Shared severs can be black listed, it does happen, I'd say that at least one or two servers a month get blacklisted. This is removed within a week or so, but during that week, you are out of luck.

Quote:

Originally Posted by winging

We are a non-profit and our email (though small in volume) is critical to our operation. How do you aviod putting your site in jeapordy?

There is that word, "Critical". (feel free to read the other 50 threads I posted about people using the word CRITICAL) If your email is critical, then you get a dedicated server or a semi-dedicated account. Prices range from about $80.00 a month to $200.00 per month. This will eliminate the need for a shared account and the problems they bring.

The common response is that, "We are a non-profit, we can't afford that solution." If you mail is critical, then you can't afford not to use that solution. If not having email once or maybe twice a year will put you out of business, then I suspect your email is "critical". The truth is that I found that non-profits who say their email is critical to them will not pay to have it protected. Also, I suspect that missing email for a week or two will NOT have a huge effect on your bottom line and that email is NOT critical for you. If that is the case, then I suggest a fail-over solution would work for you. That would cost twice as much as a shared account, but you'd never be without mail.

So you will have to define critical, but my guess is that ALL non-profits who claim their mail is critical are simply wrong. I've never seen one yet, though I seen plenty claim they are.

Quote:

Originally Posted by winging

Have you seen this happen? How can you correct it if it does happen?

Solution 1: Dedicated server. No problems with your website nor your mail. As long as you are a spammer, you'll never be blacklisted.
Solution 2: Fail-over email server, like those offered by http://www.dyndns.com/. They have several solutions that may look good to you at prices that a non-profit may be able to afford.

[winging]

Thanks Serra.

In the sense of the 'for profit' world, our email is not critical. From our perspective, email is important as it is our only contact with our 'customers'.

We could live without email for a day, even two. Much worse is having to sort thru 1000 pieces of spam!

[Serra]

Quote:

Originally Posted by winging

We could live without email for a day, even two. Much worse is having to sort thru 1000 pieces of spam!

The solution for that amount of spam is to use a combination of Spam Assassin and Firefox. That would allow you to not have to deal with too much of it manually.

[vtrain]

about the word critical ;-) I would not define it only about money. Money it cost to have it above 99% of the time available (dedicated or what so ever) or the money it costs to the company to be one week without e-mail. That is a definition but not the only one. Critical can be oposed to personal use of e-mail. In an organization (non-profit or profit one) e-mail can be critical.

Solutions without going dedicated:
-dyndns that Serra spoke of. This will give you a good failsafe solution.
- having a forward from your shared account to a free e-mail (maybe the better is a gmail address). Then you configure gmail so that you can send e-mail with your custom domain in the From Field and that's it. You send and receive e-mail using gmail and if your shared is blacklisted it should not affect you. A Gmail, or related, account would also solve your spam problem. However, this does not solve the problem of servers failures...

David