ISP wants to stop outgoing web based spam

Michael Nicks mtnicks at kanren.net
Thu Aug 10 20:23:00 UTC 2006 

That pretty much sums it up. Lose a little bit of revenue versus causing 
a service outage and losing a lot of revenue.

-M
-- 
Michael Nicks
Network Engineer
KanREN
e: mtnicks at kanren.net
o: +1-785-856-9800 x221
m: +1-913-378-6516



Hank Nussbacher wrote:
> 
> On Thu, 10 Aug 2006, Ken Simpson wrote:
> 
>>> I've had a a situation in the past that required this same application.
>>> I ended up using amavisd-new with custom views for incoming and outgoing
>>> mail. For spam originating from inside, it was dropped completely, for
>>> spam originating from the outside, subject was rewritten.
>>
>> Can you elaborate on the situation off-list? It seems to me that
>> stopping outbound webmail spam is something that would not be
>> profitable for an ISP. I am wondering what the ISP's motivation is to
>> solve this problem.
> 
> I'll answer on-list since this answer can benefit others.  The primary 
> reason that the ISP wants to block outbound webmail spam is because the 
> 100s of BLs on the Internet end up blocking large segments of the IP 
> space due to spam reporting by end users.  The spammer can end up 
> "burning" quite a few IPs before the feedback loop of user->spam 
> report->BL->ISP->block is completed.  Therefore the ISP wants to be 
> proactive and shut off the spam before it even starts.  Even if it means 
> losing revenue.
> 
> Hank Nussbacher
> http://www.interall.co.il
> 
>>
>> Regards,
>> Ken
>>
>>>
>>> Hope this helps.
>>> -Michael
>>>
>>> -- 
>>> Michael Nicks
>>> Network Engineer
>>> KanREN
>>> e: mtnicks at kanren.net
>>> o: +1-785-856-9800 x221
>>> m: +1-913-378-6516
>>>
>>> Hank Nussbacher wrote:
>>>>
>>>> Back in 2002 I asked if anyone had a solution to block or rate limit
>>>> outgoing web based spam. Nothing came about from that thread. I have an
>>>> ISP that *wants* to stop the outgoing spam on an automatic basis and be
>>>> a good netizen. I would have hoped that 4 years later there would be
>>>> some technical solution from some hungry startup. Perhaps I have missed
>>>> it. What I have found so far is:
>>>>
>>>> Detecting Outgoing Spam and Mail Bombing
>>>> http://www.brettglass.com/spam/paper.html
>>>> SMTP based mitigation - thing on HTTP/HTTPS
>>>>
>>>> Stopping Outgoing Spam
>>>> http://research.microsoft.com/~joshuago/outgoingspam-final-submit.pdf
>>>> Research paper - nothing practical
>>>>
>>>> Throttling Outgoing SPAM for Webmail Services
>>>> http://www.ceas.cc/papers-2005/164.pdf
>>>> Research paper - nothing practical
>>>>
>>>> ISPs look inward to stop spam - Network World
>>>> http://www.networkworld.com/news/2004/071204carrispspam.html
>>>> Bottom line - no solution
>>>>
>>>> So I am trying once again.  Hopefully someone has some magic dust
>>>> this time around.
>>>>
>>>> Thanks,
>>>> Hank Nussbacher
>>>> http://www.interall.co.il
>>>>
>>
>> -- 
>> MailChannels: Reliable Email Delivery (TM) | http://mailchannels.com
>>
>> -- 
>> Suite 203, 910 Richards St.
>> Vancouver, BC, V6B 3C1, Canada
>> Direct: +1-604-729-1741
>>
>> +++++++++++++++++++++++++++++++++++++++++++
>> This Mail Was Scanned By Mail-seCure System
>> at the Tel-Aviv University CC.
>>

More information about the NANOG mailing list