ISP wants to stop outgoing web based spam

Sean Donelan sean at donelan.com
Wed Aug 9 21:45:03 UTC 2006


On Wed, 9 Aug 2006, Hank Nussbacher wrote:
> The key here is the bottom Received with the mshttpd.  Only once it hits 
> telgua.com.pt (this is just an example of the dozens I see per day), does it 
> get converted into smtp, but the xx.56.145.19 IP is the one that gets listed 
> in spam BLs.
>
> Basically, the state of blocking outgoing spam hasn't progressed in the past 
> 4 years.  Bummer.

Shouldn't most of freemail/webmail services be doing their own outbound 
spam and virus checking now?

When the user connects to the freemail/webmail service, hopefully 
with some type of authentication, outbound messages from the
freemail/webmail's service affect the reputation of that 
service. If the scanning is done at the "application layer" at the 
freemail/webmail system, it has more knowledge about the application,
e.g. detecting mass "forwards", mailing lists, appended signature blocks, 
etc. that may not be easily detectable from the user interface. And then it
becomes the application service provider's responsibility to maintain
its effectiveness.

It's no different whether I connect to my "home" mail service using 
HTTP/HTTPS, MSA-AUTH, SSH, TELNET, MS-RPC Exchange, etc. If I happen
to be travelling on some random network, I still want to use the 
reputation of my "home" mail server not the random network I'm using.

Of course, some freemail services aren't very good about "know their 
customer" when new users sign up. Anyone can get lots of different
username accounts on some freemail services. If you believe some freemail 
services are too important to filter, some ISPs are looking at the next 
"received" header for their filtering.

Nevertheless, if an ISP is interested in application layer filtering and
deep protocol inspection (i.e. it may go through a proxy, so it's not 
really "packet" inspection anymore), there are some open source and
commercial systems that could be modified to do this.  They are usually 
advertised for classified information/parental control/employer control 
systems.  For software installed on the PC itself, e.g. cybercafes, most 
major anti-virus and parental control software vendors already are 
web-mail aware, and scan incoming messages. They may be able to scan 
outgoing messages too. But I don't believe they've thought about 
using them for outbound spam filtering for web-mail.  The network
content control systems are a bit more specialized.  There are some
high-end "firewalls" typically bought for military gateways which claim
to be able to do full content inspection of webmail transactions.
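
Added example, not part of the original message and not any ISP's or vendor's code: a sketch of the "next Received header" filtering mentioned above, which scores the HTTP submitter's address only when the relay that connected to the receiving MTA is a known webmail sender. The sample message, host names, the `WEBMAIL_NETS` list and the `with HTTP` / `mshttpd` match pattern are constructed assumptions; all addresses are from documentation ranges.

```python
import email
import ipaddress
import re

# Assumption: networks of webmail relays whose own Received lines we trust.
WEBMAIL_NETS = (ipaddress.ip_network("192.0.2.0/28"),)

# Constructed sample; addresses are from RFC 5737 documentation ranges.
SAMPLE = """\
Received: from out1.webmail.example.net (out1.webmail.example.net [192.0.2.10])
\tby mx.isp.example with ESMTP; Wed, 9 Aug 2006 21:40:00 +0000
Received: from 203.0.113.77 by out1.webmail.example.net with HTTP (mshttpd);
\tWed, 9 Aug 2006 21:39:58 +0000
From: user@webmail.example.net
Subject: constructed test message

body
"""

IPV4 = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
HTTP_HOP = re.compile(r"\bwith\s+HTTP\b|mshttpd", re.I)  # assumed hop marker


def first_ip(received):
    """Return the first syntactically valid IPv4 address in a Received value."""
    for candidate in IPV4.findall(received):
        try:
            return str(ipaddress.IPv4Address(candidate))
        except ValueError:
            continue
    return None


def reputation_ip(raw_message):
    """IP to score: the HTTP submitter if a trusted webmail relay handed us the mail."""
    hops = email.message_from_string(raw_message).get_all("Received") or []
    if not hops:
        return None
    top = " ".join(hops[0].split())  # unfold; this line was stamped by our own MTA
    relay_ip = first_ip(top)
    trusted = relay_ip is not None and any(
        ipaddress.ip_address(relay_ip) in net for net in WEBMAIL_NETS)
    # Lower Received lines are sender-supplied; read one only behind a trusted relay.
    if trusted and len(hops) > 1:
        nxt = " ".join(hops[1].split())
        if HTTP_HOP.search(nxt):
            return first_ip(nxt) or relay_ip
    return relay_ip
```

A message arriving from an address outside `WEBMAIL_NETS` is scored on the connecting address even if it carries a lower header that looks like a webmail HTTP hop, since that header could have been written by the sender.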




More information about the NANOG mailing list