North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: ISP wants to stop outgoing web based spam

  • From: Hank Nussbacher
  • Date: Wed Aug 09 16:09:44 2006

On Wed, 9 Aug 2006, Ken Simpson wrote:

Typical SMTP headers of http based spam:

Received: from ( [])
  (iPlanet Messaging Server 5.2 HotFix 1.21 (built Sep  8 2003))
  with ESMTP id <[email protected]> for
  x; Wed, 09 Aug 2006 14:42:35 -0400 (EDT)
Received: from (localhost [])
        by localhost (Postfix) with SMTP id 032883F01   for
  Wed, 09 Aug 2006 14:42:35 -0400 (EDT)
Received: from ( [])
        by (Postfix) with ESMTP id 8F6993F03 for
  <x>; Wed, 09 Aug 2006 14:42:35 -0400 (EDT)
Received: from (unknown [])
        by (Tumbleweed MailGate) with ESMTP id
72D1748A5C673; Wed,
  09 Aug 2006 13:42:51 -0500 (CDT)
Received: from [] (Forwarded-For: [xx.56.145.19])
  by (mshttpd); Wed, 09 Aug 2006 12:39:46 -0700

The key here is the bottom Received with the mshttpd. Only once it hits (this is just an example of the dozens I see per day), does it get converted into smtp, but the xx.56.145.19 IP is the one that gets listed in spam BLs.

Basically, the state of blocking outgoing spam hasn't progressed in the past 4 years. Bummer.

Hank Nussbacher

I thought it was pretty clear that he was talking about e-mail spam
submitted using HTTP to webmail services like hotmail, yahoo and gmail:

I guess I'm still a little confused about the poster's original request. It sounds like he is interested in stopping his own users from spamming via web-based email services such as Gmail and Hotmail, or via insecure forms. That can be accomplished hypothetically by filtering HTTP requests and looking for spam in POSTs; although with the proliferation os AJAX-style interfaces in these services, figuring out which POSTs refer to a message submission is far more difficult than it was in the good old Web 1.0 days.


MailChannels: Reliable Email Delivery (TM) |

Suite 203, 910 Richards St.
Vancouver, BC, V6B 3C1, Canada
Direct: +1-604-729-1741

This Mail Was Scanned By Mail-seCure System
at the Tel-Aviv University CC.