ISP wants to stop outgoing web based spam
Sean Donelan
sean at donelan.com
Wed Aug 9 21:45:03 UTC 2006
On Wed, 9 Aug 2006, Hank Nussbacher wrote:
> The key here is the bottom Received with the mshttpd. Only once it hits
> telgua.com.pt (this is just an example of the dozens I see per day), does it
> get converted into smtp, but the xx.56.145.19 IP is the one that gets listed
> in spam BLs.
>
> Basically, the state of blocking outgoing spam hasn't progressed in the past
> 4 years. Bummer.

Shouldn't most of freemail/webmail services be doing their own outbound
spam and virus checking now?

When the user connects to the freemail/webmail service, hopefully
with some type of authentication, outbound messages from the
freemail/webmail service affect the reputation of that
service. If the scanning is done at the "application layer" at the
freemail/webmail system, it has more knowledge about the application,
e.g. detecting mass "forwards", mailing lists, appended signature blocks,
etc. that may not be easily detectable from the user interface. And then it
becomes the application service provider's responsibility to maintain
its effectiveness.

It's no different whether I connect to my "home" mail service using
HTTP/HTTPS, MSA-AUTH, SSH, TELNET, MS-RPC Exchange, etc. If I happen
to be travelling on some random network, I still want to use the
reputation of my "home" mail server, not the random network I'm using.

Of course, some freemail services aren't very good about "know their
customer" when new users sign up. Anyone can get lots of different
username accounts on some freemail services. If you believe some freemail
services are too important to filter, some ISPs are looking at the next
"received" header for their filtering.

Nevertheless, if an ISP is interested in application layer filtering and
deep protocol inspection (i.e. it may go through a proxy, so it's not
really "packet" inspection anymore), there are some open source and
commercial systems that could be modified to do this. They are usually
advertised for classified information/parental control/employer control
systems. For software installed on the PC itself, e.g. cybercafes, most
major anti-virus and parental control software vendors already are
web-mail aware, and scan incoming messages. They may be able to scan
outgoing messages too. But I don't believe they've thought about
using them for outbound spam filtering for web-mail. The network
content control systems are a bit more specialized. There are some
high-end "firewalls" typically bought for military gateways which claim
to be able to do full content inspection of webmail transactions.
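
The "next received header" approach mentioned in the post above, sketched as an added example that is not part of the original message or anyone's production filter. The sample headers, host names, and the trusted-relay set are constructed, and the exact `(mshttpd)` header layout is an assumption.

```python
import email
import re

# Constructed sample: documentation IPs and hypothetical host names.
SAMPLE = """\
Received: from webmail.example.net (webmail.example.net [192.0.2.25])
\tby mx.receiver.example with ESMTP id abc123;
\tWed, 9 Aug 2006 20:01:07 +0000
Received: from [198.51.100.19] by webmail.example.net (mshttpd);
\tWed, 9 Aug 2006 20:01:05 +0000
From: user@example.net
To: someone@receiver.example
Subject: test

body
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
# Markers of an HTTP (webmail) submission hop; the layout is an assumption.
HTTP_RE = re.compile(r"\(mshttpd\)|\bwith\s+HTTPS?\b", re.I)

def parse_hops(raw):
    """Return Received hops, newest first, with the first bracketed IP of each."""
    msg = email.message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        flat = " ".join(value.split())  # unfold continuation lines
        m = IP_RE.search(flat)
        hops.append({"ip": m.group(1) if m else None,
                     "http": bool(HTTP_RE.search(flat))})
    return hops

def reputation_ip(raw, trusted_webmail_ips):
    """Pick the IP to score. The top header is written by our own MX, so it is
    reliable. The next header is only believed when the relay that handed us
    the message is a webmail service we trust to write honest headers;
    otherwise anything below the top hop may be forged by the sender."""
    hops = parse_hops(raw)
    if not hops:
        return None
    top = hops[0]
    if (top["ip"] in trusted_webmail_ips and len(hops) > 1
            and hops[1]["http"] and hops[1]["ip"]):
        return hops[1]["ip"]   # client that submitted over HTTP
    return top["ip"]           # fall back to the connecting relay
```
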