Be sure that your emails don’t look like typical spam emails: don’t insert only a large image; check that the character-set is set correctly; don’t insert “IP-address only” links. Write your communication as you would write a normal email. Make it really easy to unsubscribe or opt-out. Otherwise, your users will unsubscribe by pressing the “spam” button, and that will affect your reputation.
On the technical side: if you can choose your SMTP server, be sure it is a “clean” SMTP server. IP addresses of spamming SMTP servers are often blacklisted by other providers. If you don’t know your SMTP servers in advance, it’s a good practice to provide configuration options in your application for controlling batch sizes and delay between batches. Some mail servers don’t accept large sending batches or continuous activity.
Use email authentication methods, such as SPF, and DKIM to prove that your emails and your domain name belong together. The nice side-effect is you help in preventing that your email domain is spoofed. Also check your reverse DNS to make sure the IP address of your mail server points to the domain name that you use for sending mail.
Make sure that the reply-to address of your emails are a valid, existing addresses. Use the full, real name of the addressee in the To field, not just the email-address (e.g. "John Doe" <john.doe@example.com> ) and monitor your abuse accounts, such as abuse@example.com and postmaster@example.com.
This may be a pure management issue, but in my experience this kind of decision devolves to the sysadmin staff to justify and enforce all too often. Because of this, it is my job as the sysadmin to convince management that there is a problem here and it should be taken seriously, and to posit management mechanisms that may be useful.
One of my old employers had a GroupWise system, which at the time didn't have any quota mechanisms in it (this was a while ago, GW has had it for some time now). So ultimately we resorted to a peer-pressure method. Each month we'd print off a report of the $X largest mail-boxes in each department and send the reports off to the office-managers. Within two months the top-5 list of largest mailboxes had a much smaller average size.
Some methods I've found useful for convincing management to pay attention to this issue:
Define the cost of mail storage
If you're getting the "but Google does it" pushback, start building spread-sheets that show how much mail costs. Managers understand cost. You, or the people you buy things through, have the costs for your server hardware, software, AV software, and other related costs. From this you can assign a dollars-per-MB number for mail storage. This allows you to give a decently good dollar value for a 3GB mailbox versus a 200MB mailbox.
This, by the way, is why you learned algebra back in school.
This can go one of three ways:
- They increase their mail-storage spend. They see the numbers, realized they're under-investing, and throw money at it to get to where you "should" be.
- They agree to provide downward pressure on mail growth in order to better control this cost.
- They say %*&!@ it! To the cloud!
Produce mail system upgrade costs
If the above is beyond your mad spreadsheeting skills, producing upgrade plans for keeping ahead of your storage consumption curve is a good way to at least get the conversation started. When they see bigbigmoney for upgrades, they'll ask why. And then you'll tell them. When they ask how they can avoid this cost, mention providing downward pressure on the big mail users.
I've done both of the above to justify simple storage purchases. The same techniques work for email, where you've got an entire application stack sitting on top of your storage/backup infrastructures. Dollars (or currency-of-choice) per unit is a great method of highlighting costs and the perils of overindulgence. Sometimes it can cause very significant strategic changes (see also, to the cloud!). Sometimes it can jar loose resources.
Politically speaking, it's a good idea to provide some suggestions for how to provide downward pressure for email consumption. But that's all they are, suggestions to the management who has to actually implement them or convince other managers to do so.
Best Answer
Just something to consider: if the ISP isn't doing some proper spam filtering, you might want another provider for your email. If you subscribe your friend for a GMail account, he'd still have a web interface plus POP3/IMAP access and he can just forget about his ISP-provided mail account.
I hate it too, though. I've had a CompuServe account since 1993 and around 1999/2000 I started having some serious spam problems with that account. Fortunately, I've always had multiple mail accounts so I avoided my CompuServe account, which would just end up being flooded. I added some rules to this account to just forward emails from people on my whitelist to my new account and all other emails were just trashed. (I did check their senders and titles before trashing them, though.)
I stopped using Compuserve in 2005. I wasn't receiving any more important emails on that account and even stopped checking it for new emails. It was all spam anyways and Compuserve didn't bother to do something about it so I had no use for it.
Complain to the ISP, telling them to take action against this flood of spam. They should be able to recognize it and thus block it even before it reaches your mailbox. Or just forget that mailbox and use GMail instead, adding rules to your old mailbox to just forward any important messages to the new account.
For businesses, there's also the Google Postini services which aren't free but might be useful for people who run their own business with their own domain name. Or people who can't switch provider.