1/27/2005

Internet Security: Too much?

Apropos of my recent post on the many vulnerabilities of Microsoft Internet Explorer, I thought I would share another experience that has arisen in the context of this blog.

From time to time in connection with my law practice, I send out via email information to clients with an attachment. Sometimes there is little or no information in the actual text part of the email. Worse, sometimes there are multiple recipients.

Today, I noticed that three recipients rejected my email. Upon further investigation, I discovered that my law firm's IP address had been listed on a spammer service. (You can check yours here: http://openrbl.org/ ) Ostensibly, this is because some mail with a virus or trojan was relayed at some point from this IP, or there was an open proxy.

This particular server runs a dedicated e-mail virus scanner that updates its indexes every 2 hours and heuristically scans for malicious code. It is behind a very expensive, very fancy Firebox firewall with literally five or six open ports. I have performed a security audit of this server on my own, and I should add that it would be very difficult to penetrate it from outside.

I requested that my IP be removed, but I have no idea how effective this will be. This database claims that it lists 82,000+ IPs.

This is going too far.

I hate spam. I think it and spyware are combining to break the Internet. However, seriously impeding the flow of legitimate email is even more damaging. Spam can be deleted; blocked legitimate emails are unknown to the recipient!

Here are some suggestions in the meantime.

(1) No more e-mail lists. Use a blog or a hosted webpage and have people check the link.
(2) Use your ISP's SMTP relay exclusively (they might have ridiculous restrictions, though).
(3) Request a delivery receipt or a read receipt on all important messages.

It's one thing having to work to stop spam. It's another thing to have to monitor services tracking spammers to make sure your legit mail is working.