nanog mailing list archives
RE: ISP wants to stop outgoing web based spam
From: Hank Nussbacher <hank () efes iucc ac il>
Date: Wed, 9 Aug 2006 18:11:47 +0300 (IDT)
On Wed, 9 Aug 2006, Mills, Charles wrote:I guess I wasn't clear enough in my first posting. I am not interested in smtp (port 25 spam). We have that covered. I am only interested in blocking outgoing web based spam. A user sits and sends out spam via automated tools via Hotmail, Yahoo, Gmail, or whatever Webmail system where they have set up thousands of throwaway users. An antispam proxy (that I want to install and manage) has to be able to come between the user on his/her PC and the Hotmail system and scan the http posts and page templates for things like number of receipents and other tricks like keeping track of the number of http posts. It has to maintain a list of known free webmail systems that are abused.
Based on my stats from Spamcop, 60% of all outgoing spam is http based rather than smtp based. Others may have slightly higher or lower numbers.
So, is there any magic fu out there to solve this? Thanks, Hank Nussbacher http://www.interall.co.il
Seems like all mail would have to go through the same server at that point or at least every server would have to run the software. Probably not practical for an ISP if you have multiple customers with their own mail servers? I assume you're looking for something that would sit on your egress point to your upstream providers? I would think that the Packeteer box would almost be there to do this if you could have it or a box like it inspect all traffic destined for port 25. Compare it against a database of known spammers, known spam keywords, etc.? Charles L. Mills Senior Network Engineer Access Data Corporation 90 Beta Drive Pittsburgh, PA 15238 (412) 968-4024 cmills () accessdc com http://www.accessdc.com <http://www.accessdc.com/> Hosting, Colocation and Disaster Recovery ________________________________ From: owner-nanog () merit edu [mailto:owner-nanog () merit edu] On Behalf Of Michael K. Smith - Adhost Sent: Wednesday, August 09, 2006 9:11 AM To: Hank Nussbacher; Nanog Subject: Re: ISP wants to stop outgoing web based spam Hello Hank: On 8/9/06 3:28 AM, "Hank Nussbacher" <hank () efes iucc ac il> wrote:Back in 2002 I asked if anyone had a solution to block or rate limit outgoing web based spam. Nothing came about from that thread. I haveanISP that *wants* to stop the outgoing spam on an automatic basis andbea good netizen. I would have hoped that 4 years later there would be some technical solution from some hungry startup. Perhaps I havemissedit. What I have found so far is: Detecting Outgoing Spam and Mail Bombing http://www.brettglass.com/spam/paper.html SMTP based mitigation - thing on HTTP/HTTPS Stopping Outgoing Spam http://research.microsoft.com/~joshuago/outgoingspam-final-submit.pdf Research paper - nothing practical Throttling Outgoing SPAM for Webmail Services http://www.ceas.cc/papers-2005/164.pdf Research paper - nothing practical ISPs look inward to stop spam - Network World http://www.networkworld.com/news/2004/071204carrispspam.html Bottom line - no solution So I am trying once again. Hopefully someone has some magic dust this time around. Thanks, Hank Nussbacher http://www.interall.co.ilMy answer is based on the word "startup" so I'm assuming "no money" but I could be "wrong". :-) We use the standard SpamAssassin, ClamAV setup both on ingress and egress. On egress we set the detection levels and divert and save anything that is marked as Spam rather than sending it on with headers and subject modifications. We've found this to be very effective in reducing our scores with Comcast and AOL in particular and it's pretty much stopped our being blocked by those services, even using a fairly loose setting for SpamAssassin. As a service provider that forwards tons of mail to addresses on those networks (previously un-scanned so we forwarded everything, including Spam) we've found it essential to put these filters in place to guarantee (as much as anyone can) service for our email customers. Regards, Mike +++++++++++++++++++++++++++++++++++++++++++ This Mail Was Scanned By Mail-seCure System at the Tel-Aviv University CC.
Current thread:
- Re: ISP wants to stop outgoing web based spam, (continued)
- Re: ISP wants to stop outgoing web based spam Paul Jakma (Aug 09)
- Message not available
- Re: ISP wants to stop outgoing web based spam Paul Jakma (Aug 09)
- Captchas was Re: ISP wants to stop outgoing web based spam Simon Waters (Aug 10)
- Re: Captchas was Re: ISP wants to stop outgoing web based spam Paul Jakma (Aug 15)
- Re: Captchas was Re: ISP wants to stop outgoing web based spam Matthew Sullivan (Aug 15)
- Re: Captchas was Re: ISP wants to stop outgoing web based spam Simon Waters (Aug 16)
- Re: Captchas was Re: ISP wants to stop outgoing web based spam Richard A Steenbergen (Aug 16)
- Re: Captchas was Re: ISP wants to stop outgoing web based spam Paul Jakma (Aug 16)
- Re: ISP wants to stop outgoing web based spam David Andersen (Aug 09)
- Re: ISP wants to stop outgoing web based spam Matthew Black (Aug 09)
- Re: ISP wants to stop outgoing web based spam Ken Simpson (Aug 09)
- Re: ISP wants to stop outgoing web based spam Gregory Kuhn (Aug 09)
- Re: ISP wants to stop outgoing web based spam Suresh Ramasubramanian (Aug 09)
- Re: ISP wants to stop outgoing web based spam Simon Waters (Aug 10)
- Re: ISP wants to stop outgoing web based spam Suresh Ramasubramanian (Aug 10)