North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: ISP wants to stop outgoing web based spam
On 8/9/06, Gregory Kuhn <[email protected]> wrote:
> > I think he's talking about blog spam, which is definitely submitted > over HTTP.
Similar. Picture this ...
1. A satellite connectivity provider, that provides connectivity to huge swathes of west africa, among other places.
2. West african cities like Lagos, Nigeria, that are full of cybercafes that use this satellite connectivity, and have a huge customer base that has a largish number of 419 scam artists who sit around in cybercafes doing nothing except opening up free hotmail, gmail etc accounts, and posting spam through those accounts, using the cybercafe / satellite ISP's connectivity.
3. The cybercafe / satellite IP shows up in a Received: or X-Originating-IP type header in the spam that results.
4. The satellite provider really needs to do something about this - something proactive, because trying to whack cybercafe based scam artists after the fact is just not going to work.
5. So - a spamassassin plugin to a squid or other transparent proxy, for outbound filtering.
Something that can be rolled out at the satellite provider level, or probably at the cybercafe level, and with an attached alert mechanism that logs the spamming IP, and the mac address of the PC that's sending the spam that got caught. Something that ISPs in west africa that operate on wafer thin margins, and resell satellite connectivity, can easily afford.
Oh - and something that is not the usual kind of corporation / library type firewall [those would do this, but they'd roll over and die at the least hint of actual production use in this kind of scenario .. as some ISPs who deployed these in W. Africa apparently found out]
I got asked this way back in 2005, and then talked to Justin Mason of the spamassassin project. He was of the opinion that it could be done but he wasnt too aware of anybody who had tried it, plus he didnt exactly have much free time on his hands for that.
Anybody who can do it - with open source and reasonably low costs, plus ISP grade scalablity - please do let me know. I know some people (including govt / LE) who would be just as interested as Hank is.
-- Suresh Ramasubramanian ([email protected])