[91619] in North American Network Operators' Group
Re: ISP wants to stop outgoing web based spam
daemon@ATHENA.MIT.EDU (Michael K. Smith - Adhost)
Wed Aug 9 09:13:16 2006
In-Reply-To: <5.1.0.14.2.20060809132643.05586c90@efes.iucc.ac.il>
Date: Wed, 9 Aug 2006 06:11:11 -0700
From: "Michael K. Smith - Adhost" <mksmith@adhost.com>
To: "Hank Nussbacher" <hank@efes.iucc.ac.il>,
"Nanog" <nanog@merit.edu>
Errors-To: owner-nanog@merit.edu
This is a multi-part message in MIME format.
------_=_NextPart_001_01C6BBB5.46B25529
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Hello Hank:
On 8/9/06 3:28 AM, "Hank Nussbacher" <hank@efes.iucc.ac.il> wrote:
>=20
> Back in 2002 I asked if anyone had a solution to block or rate limit
> outgoing web based spam. Nothing came about from that thread. I have =
an
> ISP that *wants* to stop the outgoing spam on an automatic basis and =
be
> a good netizen. I would have hoped that 4 years later there would be
> some technical solution from some hungry startup. Perhaps I have =
missed
> it. What I have found so far is:
>=20
> Detecting Outgoing Spam and Mail Bombing
> http://www.brettglass.com/spam/paper.html
> SMTP based mitigation - thing on HTTP/HTTPS
>=20
> Stopping Outgoing Spam
> http://research.microsoft.com/~joshuago/outgoingspam-final-submit.pdf
> Research paper - nothing practical
>=20
> Throttling Outgoing SPAM for Webmail Services
> http://www.ceas.cc/papers-2005/164.pdf
> Research paper - nothing practical
>=20
> ISPs look inward to stop spam - Network World
> http://www.networkworld.com/news/2004/071204carrispspam.html
> Bottom line - no solution
>=20
> So I am trying once again. Hopefully someone has some magic dust
> this time around.
>=20
> Thanks,
> Hank Nussbacher
> http://www.interall.co.il
>=20
My answer is based on the word "startup" so I'm assuming "no money" but =
I
could be "wrong". :-) We use the standard SpamAssassin, ClamAV setup =
both
on ingress and egress. On egress we set the detection levels and divert =
and
save anything that is marked as Spam rather than sending it on with =
headers
and subject modifications.
We've found this to be very effective in reducing our scores with =
Comcast
and AOL in particular and it's pretty much stopped our being blocked by
those services, even using a fairly loose setting for SpamAssassin. As =
a
service provider that forwards tons of mail to addresses on those =
networks
(previously un-scanned so we forwarded everything, including Spam) we've
found it essential to put these filters in place to guarantee (as much =
as
anyone can) service for our email customers.
Regards,
Mike
------_=_NextPart_001_01C6BBB5.46B25529
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Diso-8859-1">
<META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version =
6.5.7638.1">
<TITLE>Re: ISP wants to stop outgoing web based spam</TITLE>
</HEAD>
<BODY>
<!-- Converted from text/plain format -->
<P><FONT SIZE=3D2>Hello Hank:<BR>
<BR>
<BR>
On 8/9/06 3:28 AM, "Hank Nussbacher" =
<hank@efes.iucc.ac.il> wrote:<BR>
<BR>
><BR>
> Back in 2002 I asked if anyone had a solution to block or rate =
limit<BR>
> outgoing web based spam. Nothing came about from that thread. I =
have an<BR>
> ISP that *wants* to stop the outgoing spam on an automatic basis =
and be<BR>
> a good netizen. I would have hoped that 4 years later there would =
be<BR>
> some technical solution from some hungry startup. Perhaps I have =
missed<BR>
> it. What I have found so far is:<BR>
><BR>
> Detecting Outgoing Spam and Mail Bombing<BR>
> <A =
HREF=3D"http://www.brettglass.com/spam/paper.html">http://www.brettglass.=
com/spam/paper.html</A><BR>
> SMTP based mitigation - thing on HTTP/HTTPS<BR>
><BR>
> Stopping Outgoing Spam<BR>
> <A =
HREF=3D"http://research.microsoft.com/~joshuago/outgoingspam-final-submit=
.pdf">http://research.microsoft.com/~joshuago/outgoingspam-final-submit.p=
df</A><BR>
> Research paper - nothing practical<BR>
><BR>
> Throttling Outgoing SPAM for Webmail Services<BR>
> <A =
HREF=3D"http://www.ceas.cc/papers-2005/164.pdf">http://www.ceas.cc/papers=
-2005/164.pdf</A><BR>
> Research paper - nothing practical<BR>
><BR>
> ISPs look inward to stop spam - Network World<BR>
> <A =
HREF=3D"http://www.networkworld.com/news/2004/071204carrispspam.html">htt=
p://www.networkworld.com/news/2004/071204carrispspam.html</A><BR>
> Bottom line - no solution<BR>
><BR>
> So I am trying once again. Hopefully someone has some magic =
dust<BR>
> this time around.<BR>
><BR>
> Thanks,<BR>
> Hank Nussbacher<BR>
> <A =
HREF=3D"http://www.interall.co.il">http://www.interall.co.il</A><BR>
><BR>
<BR>
My answer is based on the word "startup" so I'm assuming =
"no money" but I<BR>
could be "wrong". :-) We use the standard =
SpamAssassin, ClamAV setup both<BR>
on ingress and egress. On egress we set the detection levels and =
divert and<BR>
save anything that is marked as Spam rather than sending it on with =
headers<BR>
and subject modifications.<BR>
<BR>
We've found this to be very effective in reducing our scores with =
Comcast<BR>
and AOL in particular and it's pretty much stopped our being blocked =
by<BR>
those services, even using a fairly loose setting for =
SpamAssassin. As a<BR>
service provider that forwards tons of mail to addresses on those =
networks<BR>
(previously un-scanned so we forwarded everything, including Spam) =
we've<BR>
found it essential to put these filters in place to guarantee (as much =
as<BR>
anyone can) service for our email customers.<BR>
<BR>
Regards,<BR>
<BR>
Mike<BR>
<BR>
</FONT>
</P>
</BODY>
</HTML>
------_=_NextPart_001_01C6BBB5.46B25529--
