North American Network Operators Group


Re: ISP wants to stop outgoing web based spam

  • From: Sean Donelan
  • Date: Wed Aug 09 17:53:35 2006


On Wed, 9 Aug 2006, Hank Nussbacher wrote:
The key here is the bottom Received with the mshttpd. Only once it hits telgua.com.pt (this is just an example of the dozens I see per day), does it get converted into smtp, but the xx.56.145.19 IP is the one that gets listed in spam BLs.

Basically, the state of blocking outgoing spam hasn't progressed in the past 4 years. Bummer.

Shouldn't most of freemail/webmail services be doing their own outbound spam and virus checking now?


When the user connects to the freemail/webmail service, hopefully with some type of authentication, outbound messages from the freemail/webmail service affect the reputation of that service. If the scanning is done at the "application layer" at the freemail/webmail system, it has more knowledge about the application, e.g. detecting mass "forwards", mailing lists, appended signature blocks, etc. that may not be easily detectable from the user interface. And then it becomes the application service provider's responsibility to maintain its effectiveness.


It's no different whether I connect to my "home" mail service using HTTP/HTTPS, MSA-AUTH, SSH, TELNET, MS-RPC Exchange, etc. If I happen to be travelling on some random network, I still want to use the reputation of my "home" mail server, not the random network I'm using.


Of course, some freemail services aren't very good about "know their customer" when new users sign up. Anyone can get lots of different username accounts on some freemail services. If you believe some freemail services are too important to filter, some ISPs are looking at the next "received" header for their filtering.


Nevertheless, if an ISP is interested in application layer filtering and deep protocol inspection (i.e. it may go through a proxy, so it's not really "packet" inspection anymore), there are some open source and commercial systems that could be modified to do this. They are usually advertised for classified information/parental control/employer control systems. For software installed on the PC itself, e.g. cybercafes, most major anti-virus and parental control software vendors already are web-mail aware, and scan incoming messages. They may be able to scan outgoing messages too. But I don't believe they've thought about using them for outbound spam filtering for web-mail. The network content control systems are a bit more specialized. There are some high-end "firewalls" typically bought for military gateways which claim to be able to do full content inspection of webmail transactions.
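
The "next Received header" filtering mentioned in this message, sketched as an added example that is not part of the original post: a receiver walks the Received chain past relays of freemail services it will not block and scores the address recorded by the webmail (mshttpd) hop instead. The header layout, host names, addresses and the `FREEMAIL_NETS` list are constructed assumptions.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample: newest hop on top, webmail HTTP submission at the bottom.
SAMPLE = """\
Received: from webmail.example.net (webmail.example.net [198.51.100.25])
 by mx.example.org with ESMTP; Wed, 09 Aug 2006 17:40:02 +0000
Received: from [203.0.113.19] by webmail.example.net (mshttpd);
 Wed, 09 Aug 2006 17:39:58 +0000
From: user@example.net
To: someone@example.org
Subject: constructed test message

body
"""

# Assumption: relay networks of freemail services the receiver will not block.
FREEMAIL_NETS = [ipaddress.ip_network("198.51.100.0/24")]
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def hops(raw):
    """Yield (source_ip or None, via_web) per Received header, newest first."""
    for value in message_from_string(raw).get_all("Received", []):
        from_part = re.split(r"\s+by\s+", value, maxsplit=1)[0]
        match = IP_RE.search(from_part)
        try:
            ip = ipaddress.ip_address(match.group(1)) if match else None
        except ValueError:  # bracketed text that is not a valid address
            ip = None
        yield ip, "(mshttpd)" in value

def scoring_ip(raw):
    """Return (ip, via_web): the address whose reputation should be checked."""
    chosen = (None, False)
    for ip, via_web in hops(raw):
        if ip is None:
            break  # unparseable hop: keep the last address we could verify
        chosen = (ip, via_web)
        if not any(ip in net for net in FREEMAIL_NETS):
            break  # lower headers were written by an untrusted host
    return chosen

if __name__ == "__main__":
    print(scoring_ip(SAMPLE))
```

The walk stops at the first hop outside the listed freemail networks because every header below it was written by a host the receiver has no reason to believe. In a live mail server the top hop's address would come from the SMTP connection itself rather than from a header.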