It hasn’t been a great week this week (March 1-5) for some of our customers who use us for outbound mail relay. I’m not going to name names because there have been a wide variety of users, but every single day this week we have had one or two organizations that have been sending abusive content to the rest of the Internet. A normal week is one or two violations. We’ve had 8 or 9 so far and we haven’t even hit Saturday yet.
Now, I will admit that the script I use to track the egregious violators was written by me, and this script had an error that I only managed to fix on Feb 25. So, it’s possible that we had a lot more violators each week, I just didn’t know about it. What’s weird is that my script worked sometimes but not always, I had to do some debugging and I found that another script that it points to got moved and so for some reason it was working part of the time but not all of the time. Why it worked some of the time makes no sense to me since it was pointing to a non-existent piece of code…
Anyhow, the point is this week we have seen piles and piles of outbound spam emitting from our network. It’s been so bad that I have been prompted to accelerate my plans to mitigate it by coming up with some band-aid solutions. I am experimenting with auto-additions of known bad users from organizations with checkered reputations. In other words, if you were bad before, then we will auto-add users to a banned_sender list until they clean up their act and there will be no notification that we are going to do this.
Automation of actions like this are risky. But we can’t keep going like this because these spam campaigns are happening in the middle of the night. Three hours later they are done. Our reaction time needs to be quicker and human response just isn’t fast enough.