Of course, there’s nothing to keep spammers—particularly quasi-legit ones distributing ads for things like cut-rate mortgages and pasta pots—from using sender authentication schemes. In fact, they’ve already started doing it. So the second piece of the puzzle is a reputation system that lets your ISP or email software know what kind of mail the sender is spewing out.

The largest email reputation system is run by IronPort, which publishes some of its data at a free site called SenderBase (http://www.senderbase.org). IronPort analyzes millions of messages every day, then generates a reputation score for each sender, similar to a person’s credit score (see Figure 7-3). The score factors in parameters such as the sender’s geographical location, how long the address has been active, whether it can receive mail (most spammers won’t), and if ISPs have received abuse complaints about the sender. This lets IronPort differentiate between high-volume but legit senders like AOL or Comcast and sites that spring up overnight and begin spewing millions of messages per hour—a likely sign they’re a spam house.

Figure 7-3. Reputation systems like IronPort’s SenderBase give you the scoop on who’s spamming who.

Email administrators can check SenderBase and manually set their servers to accept or reject messages based on the sender’s reputation. IronPort also sells network appliances ...