There are several ways to stop spammers, or at least reduce the effect of spammers.
Most SMTP servers check the IP address of the sender of an incoming message, and see if it maps to the domain name of the one claimed by the sender. In our example, the SMTP server of profs.org checks the IP address of the SMTP server of school.edu, and use the rDNS (reverse DNS) entry of a DNS server to see if the IP address maps to the claimed domain name of school.edu.
If the IP address does not map to the correct domain name, then the message is discarded.
This method stops most spammers, but not all. A spammer can register for a domain name, and convince the hosting company to add an rDNS entry. This way, the rDNS method does not work.
Specific organizations keep track of lists of known IP addresses of servers that send out massive amounts of spam messages. One such organization is spamhaus.org. These organizations permit SMTP servers to query them to see if an IP address is black listed due to reports of spam.
Spammers get around this problem by using zombies. A zombie is a computer owned by a regular end user, but under the control of one or more malicious parties. Such parties can remotely instruct a zombie computer to send spam messages to a list of recipients.
This makes the problem difficult to contain using blacklists. First of all, there are at least millions of zombie computers. Secondly, many zombie computers do not have a static IP address. For example, if a zombie computer connects to its ISP via DHCP, then its IP address can change periodically, making a blacklist-based defense strategy useless.
If it is so difficult to identify and block bad servers, it may be easier to block everyone except for known-good servers!
That’s exactly what most commercial servers do. A sender (client) SMTP server must be a authoritative one in order for a connection to be accepted. Some servers permit unauthoritative clients a certain number of messages per day or hour. This means that a casual DIY (do-it-yourself) can still get some messages through, but a spammer cannot.