North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: ISP wants to stop outgoing web based spam

  • From: Michael K. Smith - Adhost
  • Date: Wed Aug 09 09:13:59 2006

Title: Re: ISP wants to stop outgoing web based spam

Hello Hank:


On 8/9/06 3:28 AM, "Hank Nussbacher" <[email protected]> wrote:

>
> Back in 2002 I asked if anyone had a solution to block or rate limit
> outgoing web based spam. Nothing came about from that thread. I have an
> ISP that *wants* to stop the outgoing spam on an automatic basis and be
> a good netizen. I would have hoped that 4 years later there would be
> some technical solution from some hungry startup. Perhaps I have missed
> it. What I have found so far is:
>
> Detecting Outgoing Spam and Mail Bombing
> http://www.brettglass.com/spam/paper.html
> SMTP based mitigation - thing on HTTP/HTTPS
>
> Stopping Outgoing Spam
> http://research.microsoft.com/~joshuago/outgoingspam-final-submit.pdf
> Research paper - nothing practical
>
> Throttling Outgoing SPAM for Webmail Services
> http://www.ceas.cc/papers-2005/164.pdf
> Research paper - nothing practical
>
> ISPs look inward to stop spam - Network World
> http://www.networkworld.com/news/2004/071204carrispspam.html
> Bottom line - no solution
>
> So I am trying once again.  Hopefully someone has some magic dust
> this time around.
>
> Thanks,
> Hank Nussbacher
> http://www.interall.co.il
>

My answer is based on the word "startup" so I'm assuming "no money" but I
could be "wrong".  :-)  We use the standard SpamAssassin, ClamAV setup both
on ingress and egress.  On egress we set the detection levels and divert and
save anything that is marked as Spam rather than sending it on with headers
and subject modifications.

We've found this to be very effective in reducing our scores with Comcast
and AOL in particular and it's pretty much stopped our being blocked by
those services, even using a fairly loose setting for SpamAssassin.  As a
service provider that forwards tons of mail to addresses on those networks
(previously un-scanned so we forwarded everything, including Spam) we've
found it essential to put these filters in place to guarantee (as much as
anyone can) service for our email customers.

Regards,

Mike