[Mimedefang] Scary... Filtering on the outbound.
jscullylg3 at lifegiver.net
Thu Feb 17 22:47:49 EST 2005
Our company, which operates about 250 ISPs just implemented outbound
filtering for exactly this reason - we are seeing an increasing number of
subscribers sending spam due to worms. We have always filtered outbound for
In order to block spam but not block individual messages we began tracking
total number and average score of messages sent in the last ten minutes, one
hour, one day and last 30 days. Since dial-up subs can have a different IP
address each time they connect we have to start by tracking back to the
"real" userid from the sending IP address.
A sub could send a few emails scoring anything (could be a personal
porn-o-gram to someone :) but the higher the number of messages the lower
the average score can be to trigger blocking. Rate of transmission also
weights the decision - sending 100 in a few minutes is treated like sending
1,000 over a longer time.
We are still playing with the rules, but so far so good. We no longer get
reported to spamcop or other block lists, and the only subscribers who have
had an issue are people who were really spammers - they all claimed that
they were sending out newsletters until shown the spam reports.
----- Original Message -----
From: "David F. Skoll" <dfs at roaringpenguin.com>
To: "MimeDefang" <mimedefang at lists.roaringpenguin.com>
Sent: Thursday, February 17, 2005 12:48 PM
Subject: Re: [Mimedefang] Scary... Filtering on the outbound.
> On Wed, 16 Feb 2005, Ben Kamen wrote:
> [about outbound filtering]
> This is going to become a lot more common for a couple of reasons:
> 1) As ISPs block outbound port 25 connections, spam zombies are going
> to use the ISPs relay to send outbound spam. This will force ISPs
> to filter outgoing mail, or risk getting blocked as spam sources.
> 2) All kinds of regulations in the US like HIPAA and financial
> regulations will force businesses to at least pretend to control
> outflowing information. Unfortunately, doing this effectively means
> prohibiting tools like PGP for encrypted e-mail. :-(
> Visit http://www.mimedefang.org and http://www.canit.ca
> MIMEDefang mailing list
> MIMEDefang at lists.roaringpenguin.com
This message scanned for viruses by Lifegiver.net
For more information on our filtered email and dial up internet service please visit http://www.lifegiver.net
More information about the MIMEDefang