On my website, members can send messages to each other, the message is sent directly to the member's email address, I'm worried that some members can send spam to other members (I have a basic spam filter in my site but there's no guarantee it will detect all spam messages) and since the mail is sent from my site's domain I could get my domain blacklisted in free mail providers like hotmail, yahoo, gmail .. etc, any suggestions how I could avoid this?
I thought about sending the mail from a randomly generated email address that doesn't exist, e.g. email@example.com (using a guid), so that if the address gets blocked it shouldn't be a problem as it will not used again anyway, how effective is this in your opinion? will my whole domain be blocked if any spam sent from it?
the criteria for blacklisting depends on the individual ISP's involved. the most notorious blacklisters are any of the ISPs connected to AT&T (includes BellSouthe, Comcast, etc.) and they generally blacklist an IP instead of a domain, so if you are in a "shared hosting" plan your actions could affect other domains on the server - and the actions of other domains affect your domain in these cases.
Outgoing SPAM can be detected, but normally by checking quantity of mails sent in a specified time containing the same characteristics. Can be effective and useful, but will also stop a legit mailing list dead in its tracks.
the best solution would probably be to provide an on-site messaging service similar to the one offered on this forum. any attempted "internal" spam can be easily detected and the spammer banned.
Thanks a lot for your answer, actually developing an on-site messaging functionality will be too hard at this stage of the project, also not really desirable for the sake of keeping things as simple as possible (it's a forum-based site so sending messages to other messages is not the main activity on the site) .. you seem to have deep knowledge on spam filtering and prevention so your opinion will be very valuable to me, what do you think about my idea of using randomly generated addresses, the point in doing this is that if I use one email address for sending messages, from firstname.lastname@example.org for example, and a member sends spam to another member (which unfortunately passes my spam filter) that address might get blocked by the mail provider (hotmail, yahoo, gmail .. etc), also the user might mark the message as spam which can make things much worse for me (by having this address blacklisted on the mail provider so I could become unable to send messages from this address to any members that use this mail provider!), by using a randomly generated address I'm hoping to avoid this problem, the randomly generated address will never be used again, so, it doesn't matter if it gets blacklisted or not, what do you think?
While I understand your rationale for considering randomly generated addresses, receiving a randomly generated address in an email screams to me SPAM, regardless of where it originates or what it contains. (just my opinion)
"Why must I be surrounded by frikkin' idiots?!" - Dr. Evil
"Remember: There are no stupid questions, only stupid people." - Mr. Garrison
but actually it's not the whole email address that's randomly generated, it's just the first part so it still comes from my domain, for example email@example.com (as you see the domain will not be randomly generated!)
your outgoing spam filter might or might not stop these mails depending on the settings,
but the majority of e-mail client programs will trash an email address in the format you suggest. "trash" can mean move to a "junk mail" folder OR "delete" depending on the settings.