On Wed, 9 Aug 2006, Mills, Charles wrote: I guess I wasn't clear enough in my first posting. I am not interested in smtp (port 25 spam). We have that covered. I am only interested in blocking outgoing web based spam. A user sits and sends out spam via automated tools via Hotmail, Yahoo, Gmail, or whatever Webmail system where they have set up thousands of throwaway users. An antispam proxy (that I want to install and manage) has to be able to come between the user on his/her PC and the Hotmail system and scan the http posts and page templates for things like number of receipents and other tricks like keeping track of the number of http posts. It has to maintain a list of known free webmail systems that are abused. Based on my stats from Spamcop, 60% of all outgoing spam is http based rather than smtp based. Others may have slightly higher or lower numbers. So, is there any magic fu out there to solve this? Thanks, Hank Nussbacher http://www.interall.co.il
Seems like all mail would have to go through the same server at that point or at least every server would have to run the software. Probably not practical for an ISP if you have multiple customers with their own mail servers? I assume you're looking for something that would sit on your egress point to your upstream providers? I would think that the Packeteer box would almost be there to do this if you could have it or a box like it inspect all traffic destined for port 25. Compare it against a database of known spammers, known spam keywords, etc.?
Charles L. Mills
Senior Network Engineer
Access Data Corporation
90 Beta Drive
Pittsburgh, PA 15238
(412) 968-4024
cmills@accessdc.com
http://www.accessdc.com <http://www.accessdc.com/>
Hosting, Colocation and Disaster Recovery
________________________________
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Michael K. Smith - Adhost Sent: Wednesday, August 09, 2006 9:11 AM To: Hank Nussbacher; Nanog Subject: Re: ISP wants to stop outgoing web based spam
Hello Hank:
On 8/9/06 3:28 AM, "Hank Nussbacher" <hank@efes.iucc.ac.il> wrote:
Back in 2002 I asked if anyone had a solution to block or rate limit outgoing web based spam. Nothing came about from that thread. I have
an
ISP that *wants* to stop the outgoing spam on an automatic basis and be a good netizen. I would have hoped that 4 years later there would be some technical solution from some hungry startup. Perhaps I have missed it. What I have found so far is:
Detecting Outgoing Spam and Mail Bombing http://www.brettglass.com/spam/paper.html SMTP based mitigation - thing on HTTP/HTTPS
Stopping Outgoing Spam http://research.microsoft.com/~joshuago/outgoingspam-final-submit.pdf Research paper - nothing practical
Throttling Outgoing SPAM for Webmail Services http://www.ceas.cc/papers-2005/164.pdf Research paper - nothing practical
ISPs look inward to stop spam - Network World http://www.networkworld.com/news/2004/071204carrispspam.html Bottom line - no solution
So I am trying once again. Hopefully someone has some magic dust this time around.
Thanks, Hank Nussbacher http://www.interall.co.il
My answer is based on the word "startup" so I'm assuming "no money" but I could be "wrong". :-) We use the standard SpamAssassin, ClamAV setup both on ingress and egress. On egress we set the detection levels and divert and save anything that is marked as Spam rather than sending it on with headers and subject modifications.
We've found this to be very effective in reducing our scores with Comcast and AOL in particular and it's pretty much stopped our being blocked by those services, even using a fairly loose setting for SpamAssassin. As a service provider that forwards tons of mail to addresses on those networks (previously un-scanned so we forwarded everything, including Spam) we've found it essential to put these filters in place to guarantee (as much as anyone can) service for our email customers.
Regards,
Mike
+++++++++++++++++++++++++++++++++++++++++++ This Mail Was Scanned By Mail-seCure System at the Tel-Aviv University CC.