Recent headlines (http://www.physorg.com/weblog/news1013.html, for example) warn of a new spam technology that will help spammers outfox some anti-spam technology.
Currently, many thousands (millions?) of compromised computers are sending spam directly to target mail servers, bypassing the spam source's mail server. A large percentage of anti-spam technology is based on the assumption that e-mail coming from a machine that is not listed as a mail server for the sending domain has a good chance of being spam, and that messages from an ISP's mail server are likely not to be spam. Of course, other technologies exist -- black lists of known spam sources, keyword filtering, etc. This new technology allows the spam to appear as if it came from the mail server of the sending domain's ISP, thus adding legitimacy to the mail.
So these "spambots" are becoming ever more clever and capable. What can be done to stem the tide? Spam will never completely go away, not until everyone who accesses the Internet believes in TANSTAAFL. Still, here are, IMHO, some steps that ISPs can take right now to reduce the tide:
1) Block outgoing port 25 (SMTP) access by subscriber networks. Only allow your subscribers to access your mail servers for mail transmission.
2) Enforce SMTP authentication.
3) Enforce a per-day message limit for consumer accounts.
4) Do spam/virus testing for outgoing messages. Of the ISPs I've talked to, those that did do any kind of virus checking only did it on incoming mail.
5) Create an SPF record for your domain. On incoming, enforce SPF "Fail". SPF "Pass" is useless as an anti-spam tool; spammers were among the first to sign up. SPF "Fail" can be very effective, though.
6) Encourage use of more secure e-mail clients.
None of this is hard, none of it adds an appreciable amount of labor, and I think it's a good place to start.