North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: ISP wants to stop outgoing web based spam
On Wed, 9 Aug 2006, Hank Nussbacher wrote:
The key here is the bottom Received with the mshttpd. Only once it hits telgua.com.pt (this is just an example of the dozens I see per day), does it get converted into smtp, but the xx.56.145.19 IP is the one that gets listed in spam BLs.
Shouldn't most of freemail/webmail services be doing their own outbound spam and virus checking now?
When the user connects to the freemail/webmail service, hopefully with some type of authentication, outbound messages from the
freemail/webmail's service affects the reputation of that service. If the scanning is done at the "application layer" at the freemail/webmail system, it has more knowledge about the application,
e.g. detecting mass "forwards", mailing lists, appended signature blocks, etc that may not be easily detectable form the user interface. And then it
becomes the application service providers responsibility to maintain
Its no different whether I connect to my "home" mail service using HTTP/HTTPS, MSA-AUTH, SSH, TELNET, MS-RPC Exchange, etc. If I happen
to be travelling on some random network, I still want to use the reputation of my "home" mail server not the random network I'm using.
Of course, some freemail services aren't very good about "know their customer" when new users sign up. Anyone can get lots of different
username accounts on some freemail services. If you believe some freemail services are too important to filter, some ISPs are looking at the next "received" header for their filtering.
Nevertheless, if an ISP is interested in application layer filtering and
deep protocol inspection (i.e. it may go through a proxy, so its not really "packet' inspection anymore), there are some open source and
commercial systems that could be modified to do this. They are usually advertised for classified information/parental control/employer control systems. For software installed on the PC itself, e.g. cybercafes, most major anti-virus and parental control software vendors already are web-mail aware, and scan incoming messages. They may be able to scan outgoing messages too. But I don't believe they've thought about using them for outbound spam filtering for web-mail. The network
content control systems are a bit more specialized. There are some
high-end "firewalls" typically bought for military gateways which claim
to be able to do full content inspection of webmail transactions.