ISPs from around the world have joined forces to kill spam: The Messaging Anti-Abuse Working Group (MAAWG), made up of ISPs, vendors, and anti-spam groups, this month agreed on methods to more easily identify botnet-driven spam and distinguish between legitimate forwarded email accounts and those used by spammers.

MAAWG has published two papers -- one outlining best practices for sharing dynamic IP address space among providers and another for ways to handle email forwarding.

"There have been industry discussions about sharing dynamic IP addresses for years, and even some proposals, but this paper represents the first time a sizeable group of ISPs have come together to agree on how to do it. The recommendations are another necessary step toward helping mailbox providers eliminate spam originating from botnets before it hits users' inboxes," said J.D. Falk, a member of the MAAWG Board member and director of product management for Return Path.

The IP address-sharing recommendations are aimed at making dynamic IP addresses more easily accessible to email service providers so they can better detect and shut down spam, which often uses dynamic IP addresses. The idea is to help them distinguish between valid email traffic and botnet-driven spam.

Email forwarding is another common botnet technique for moving spam. MAAWG also issued recommendations for helping ISPs separate spammers from legitimate users who deploy email forwarding services, and for avoiding inadvertently blocking legit accounts.

“Any address will attract some spam, and incoming traffic from a forwarded account that has been in use for years can look like a deluge of spam, causing an ISP to block it,” said Jordan Rosenwald, co-editor of the forwarding paper and Comcast manager of anti-abuse technologies. "Spammers also are developing new ways to use forwarded email to their advantage, so the steps outlined in this paper will provide savings for both forwarders and receivers, but more importantly, can help protect consumers from being unnecessarily and unintentionally blocked."

— Kelly Jackson Higgins, Senior Editor, Dark Reading