The problem with spam

With MailArmory on its last legs I wanted to outline exactly why spam is such a big issue for exmsft.com.

As you might imagine, there’s a lot of spam headed at email addresses on the exmsft.com. While most, I’m sure, are typical, run of the mill, spam-the-world kinds of spam, I also suspect that there are some specifically targeted at a server that has this amazingly coincidental population of people that used to work for Microsoft.

Bottom line: it’s a lot.

To date Mail Armory has been preventing most of that from ever reaching us.

We’re faced with two immediate problems when MailArmory goes away without an equivalent replacement:

  1. Server load. As all that spam that we previously never saw actually makes it to the server, the server will have more work to do to handle it. On the surface this would seem minor, but in fact it can be quite significant. Spam seems to come in waves, and I’ve seen servers – otherwise healthy servers operating just fine – brought to their knees by a sudden and ongoing flood of incoming spam.
  2. Blacklisting. Since the majority of the accounts on exmsft.com are nothing more than forwarders, we’ll now be forwarding all that spam(*). We’ve seen this in the past when an account gets hacked, or MailArmory has a temporary problem – many of the services that we forward mail to are quick to blacklist exmsft.com if they see it forwarding a bunch of spam. They see exmsft.com as the “source” of the spam, even though we’re really just an innocent middle-man.

(*) We do have a spam filter in place (SpamAssassin), but it’s not that great, and for various reasons we can have it discard only the worst of the spam. A lot makes it through.

Now, problem #1 turns out to be the easiest to deal with. exmsft.com is actually a virtual server (Out at StormOnDemand – a Liquid Web company), and as I type this it’s the smallest server they offer. If and as needed we can crank it up to be a more powerful server by twisting a dial and rebooting, with a just a little bit of down time (and an incremental infusion of money, of course).

It’s #2 that’s a problem.

I’m aware of three solutions to problem #2:

  • Replace MailArmory with something equivalent and cost effective. I’ve been trying to do this for some time and have come up empty handed. For reference, the “new” MailArmory would run about $12,000/year for the number of accounts we have, and that’s actually at the lower end with respect to the competition. (The folks at FRII, who have run MailArmory so long, replaced it with an outsourced service so they don’t have the price flexibility they once had. They’ve been willing to get it close to “cost” for them, but that’s still way more than the $0/year we’ve paid to date.)
  • Find an email service that we can deliver to that will promise never to blacklist us, and who has good spam filtering, and recommend strongly that people change their forwarders to forward to that service. Let other services blacklist us should the elect to.
  • Change all the forwarders to POP3 accounts and stop forwarding. This is labor intensive to set up, and everyone would have to change how they access their exmsft.com email. This simply eliminates forwarders. Accounts would have a quota, so POP3 download would the only supported way to access your email, and should be set up to happen regularly (i.e. once a day) to avoid exceeding the quota. “Leave messages on server” and IMAP would not be supported. (Recommended solution would be to use a Gmail account to POP3 pick-up the email and spam filter it at the same time.)

At this writing it seems that the later option will be inevitable.