North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: ISP wants to stop outgoing web based spam

  • From: Michael Nicks
  • Date: Thu Aug 10 16:28:09 2006


That pretty much sums it up. Lose a little bit of revenue versus causing a service outage and losing a lot of revenue.


-M
--
Michael Nicks
Network Engineer
KanREN
e: [email protected]
o: +1-785-856-9800 x221
m: +1-913-378-6516



Hank Nussbacher wrote:

On Thu, 10 Aug 2006, Ken Simpson wrote:


I've had a a situation in the past that required this same application.
I ended up using amavisd-new with custom views for incoming and outgoing
mail. For spam originating from inside, it was dropped completely, for
spam originating from the outside, subject was rewritten.

Can you elaborate on the situation off-list? It seems to me that stopping outbound webmail spam is something that would not be profitable for an ISP. I am wondering what the ISP's motivation is to solve this problem.

I'll answer on-list since this answer can benefit others. The primary reason that the ISP wants to block outbound webmail spam is because the 100s of BLs on the Internet end up blocking large segments of the IP space due to spam reporting by end users. The spammer can end up "burning" quite a few IPs before the feedback loop of user->spam report->BL->ISP->block is completed. Therefore the ISP wants to be proactive and shut off the spam before it even starts. Even if it means losing revenue.


Hank Nussbacher
http://www.interall.co.il


Regards, Ken


Hope this helps. -Michael

--
Michael Nicks
Network Engineer
KanREN
e: [email protected]
o: +1-785-856-9800 x221
m: +1-913-378-6516

Hank Nussbacher wrote:

Back in 2002 I asked if anyone had a solution to block or rate limit outgoing web based spam. Nothing came about from that thread. I have an ISP that *wants* to stop the outgoing spam on an automatic basis and be a good netizen. I would have hoped that 4 years later there would be some technical solution from some hungry startup. Perhaps I have missed it. What I have found so far is:

Detecting Outgoing Spam and Mail Bombing
http://www.brettglass.com/spam/paper.html
SMTP based mitigation - thing on HTTP/HTTPS

Stopping Outgoing Spam
http://research.microsoft.com/~joshuago/outgoingspam-final-submit.pdf
Research paper - nothing practical

Throttling Outgoing SPAM for Webmail Services
http://www.ceas.cc/papers-2005/164.pdf
Research paper - nothing practical

ISPs look inward to stop spam - Network World
http://www.networkworld.com/news/2004/071204carrispspam.html
Bottom line - no solution

So I am trying once again.  Hopefully someone has some magic dust
this time around.

Thanks,
Hank Nussbacher
http://www.interall.co.il


-- MailChannels: Reliable Email Delivery (TM) | http://mailchannels.com

--
Suite 203, 910 Richards St.
Vancouver, BC, V6B 3C1, Canada
Direct: +1-604-729-1741

+++++++++++++++++++++++++++++++++++++++++++
This Mail Was Scanned By Mail-seCure System
at the Tel-Aviv University CC.