Terry Zink: Security Talk

Discussing Internet security in (mostly) plain English

Outbound filtering - Part 1


We are nearing the end of the dev cycle of our next release, and the plans naturally start to look forward to the release after that.  Don't get me wrong, there's still a ways to go in our current release.  We have to hit code complete on January 31, go through Test and reduce all of our bugs to zero (hitting Zero Bug Bounce, or ZBB) and then we release to Operations.  That's scheduled for April.

However, we need to have the pipeline full for the next big thing.  Normally, I like to plan for things that are my idea, but occasionally we take special requests from other departments.  The current hot issue of the day is outbound spam filtering.

Most big services that I am aware of do not do outbound spam filtering.  Hotmail doesn't do it, Gmail doesn't do it, we don't do it.  The assumption is that all of our customers are sending legitimate mail and none of them are spammers trying to hide behind our outbound mail service.

I believe that this is a reasonable assumption but the problem now is that many times, customers using us for outbound mail are 0wned.  Thus, they get a system on their network that is infected (turned into a bot) and pumps out tons of spam, and then that spam gets relayed through us.  The result?  We get listed on 3rd party blacklists.  For big guys like Hotmail or Gmail, that's not that big a problem because they have a lot of clout.  Who'd be foolish enough to block all mail from those guys?  We, by contrast, don't have quite so much leverage.

Plenty of departments keep telling me that we need to do outbound spam filtering.  As I will go into in my next post, this is only the first step in the direction we need to head.  We want to keep our IPs clean but outbound mail filtering is a complex task.

  • "The result?  We get listed on 3rd party blacklists.  For big guys like Hotmail or Gmail, that's not that big a problem because they have a lot of clout."

    Wanna bet?

    "Who'd be foolish enough to block all mail from those guys?"

    I've posted this example before.  Don't you think one big guy is Yahoo, and doesn't Yahoo have a lot of clout?  Well, Yahoo filters mail from Yahoo into Yahoo customers' spam boxes.  Yahoo correctly recognizes that Yahoo sends a lot of spam.  The problem is false positives, where they filter legitimate mail into recipients' spam boxes, because the same Yahoo sending servers send both legitimate mail and spam.

  • Does Yahoo actually filter mail from Yahoo?

    I said earlier that Hotmail doesn't do outbound spam filtering, but that's not entirely correct.  They do implement throttling; if you exceed sending a certain volume of spam messages within a set period of time, Hotmail will suspend your outbound delivery.

    I wouldn't be surprised if Yahoo did the same thing.

  • > Does Yahoo actually filter mail from Yahoo?

    Legitimate mail from Yahoo US often comes to my Yahoo Japan account and I have to click buttons to mark it as non-spam.

    Legitimate mail from me to Yahoo US has been bounced because Yahoo Japan's mail servers have (correctly) been listed on RBL lists.

  • Terry,

    Is there any available outbound spam filter by name that you know that currently exists? I've been trying to lay my hands on one, but I've not been successful. Thanks.
