Re: How do you stop outgoing spam?

[Hank Nussbacher <hank () att net il>]

On Mon, 9 Sep 2002, Iljitsch van Beijnum wrote:

Looking for automatic off-the-shelf solution.  Not something that requires
a NOC to constantly update a Cisco ACL.

-Hank

> On Mon, 9 Sep 2002, Hank Nussbacher wrote:
>
> > The spamming is usually done (but not only) from an Internet cafe where the
> > spammer inserts a "spammer CD" and blasts away at open mail relays.When
> > SMTP is blocked for that IP, they switch to HTTP and send the spam via MSN,
> > Yahoo, Hotmail, Kukamail, Outblaze, Safe-mail, etc. to name just a
> > few.Blocking port 80 is harder since it requires maintaining an ever
> > larger list of free public web based mail systems or just block port 80
> > entirely.
>
> You could traffic shape or rate limit the traffic towards port 80 to a few
> kbps for each IP address that might be used for spamming. If you allow
> small bursts (10 - 50k) this should be just fine for regular web access,
> since for that outgoing traffic is minimal: just the HTTP requests and
> ACKs. However, it will slow down spamming to at most a couple dozen spams
> per minute after the first few that fill up the configured burst size. I
> imagine this will make the spammers move on to greener pastures.

Hank Nussbacher