North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: ISP wants to stop outgoing web based spam

  • From: Florian Weimer
  • Date: Fri Aug 11 03:32:25 2006

* Hank Nussbacher:

> Please show me which virus scanner scans html pages for the words like
> V I A G R A, or Free M O R T G A G E, as it is going outbound.

I assumed your Internet cafe example was the concrete scenario you
were trying to address.  There are quite a few scaners which contain
signatures for spam-sending software, but it might be necessary to
roll your own stuff.  In that scenario, it's simply more effective to
look for the software (and accompanying anomalies) than for some web
application traffic.

> The big boys know what to do.  The smaller ones like,
> and to name just 3 out of about 300 I have seen, do
> not have all those bells and whistles and therefore, in order to
> protect an ISPs IP address space from not getting burned by spammers,
> the ISP has to take proactive measures.

I still don't understand why you think this has to be solved at the
network level, specifically targeting web-based email services.

There are hugely different two scenarios:

  1. Spammers buy your Internet service and use it to send spam.

  2. Regular customers catch some piece of malware and their computers
     send spam.

In the first case, you get rid of the customers (possibly involving
law enforcement because many of the advertised products and services
are illegal).  In the second case, you need a general anti-malware
strategy, and webmailers are the least of your problems.