North American Network Operators Group
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: ISP wants to stop outgoing web based spam

  • From: Hank Nussbacher
  • Date: Wed Aug 09 16:09:44 2006

On Wed, 9 Aug 2006, Ken Simpson wrote:

Typical SMTP headers of http based spam:

Received: from pmx2.montclair.edu (smtp-in.montclair.edu [130.68.1.65])
  by broadway.montclair.edu
  (iPlanet Messaging Server 5.2 HotFix 1.21 (built Sep  8 2003))
  with ESMTP id <[email protected]> for
  x; Wed, 09 Aug 2006 14:42:35 -0400 (EDT)
Received: from pmx2.montclair.edu (localhost [127.0.0.1])
        by localhost (Postfix) with SMTP id 032883F01   for
<x>;
  Wed, 09 Aug 2006 14:42:35 -0400 (EDT)
Received: from tw4.telgua.com.gt (tw3.telgua.com.gt [216.230.128.5])
        by pmx2.montclair.edu (Postfix) with ESMTP id 8F6993F03 for
  <x>; Wed, 09 Aug 2006 14:42:35 -0400 (EDT)
Received: from intelnet.net.gt (unknown [10.160.3.1])
        by tw4.telgua.com.gt (Tumbleweed MailGate) with ESMTP id
72D1748A5C673; Wed,
  09 Aug 2006 13:42:51 -0500 (CDT)
Received: from [10.160.3.30] (Forwarded-For: [xx.56.145.19])
  by messaging.telgua.com.gt (mshttpd); Wed, 09 Aug 2006 12:39:46 -0700

The key here is the bottom Received with the mshttpd. Only once it hits telgua.com.pt (this is just an example of the dozens I see per day), does it get converted into smtp, but the xx.56.145.19 IP is the one that gets listed in spam BLs.

Basically, the state of blocking outgoing spam hasn't progressed in the past 4 years. Bummer.

Hank Nussbacher
http://www.interall.co.il


I thought it was pretty clear that he was talking about e-mail spam
submitted using HTTP to webmail services like hotmail, yahoo and gmail:


I guess I'm still a little confused about the poster's original
request. It sounds like he is interested in stopping his own users
from spamming via web-based email services such as Gmail and Hotmail,
or via insecure forms. That can be accomplished hypothetically by
filtering HTTP requests and looking for spam in POSTs; although with
the proliferation os AJAX-style interfaces in these services, figuring
out which POSTs refer to a message submission is far more difficult
than it was in the good old Web 1.0 days.

Regards,
Ken

--
MailChannels: Reliable Email Delivery (TM) | http://mailchannels.com

--
Suite 203, 910 Richards St.
Vancouver, BC, V6B 3C1, Canada
Direct: +1-604-729-1741

+++++++++++++++++++++++++++++++++++++++++++
This Mail Was Scanned By Mail-seCure System
at the Tel-Aviv University CC.