Terry Zink's Cyber Security Blog

Discussing Internet security in (mostly) plain English

Outbound filtering - part 4


There are other options for dealing with outbound mail.  Let's take a look at another one.

Option 2 - Treat outbound mail the same as inbound mail

Another option for outbound mail filtering is to treat outbound mail nearly the same as inbound mail.  If a message is scanned and detected as spam, send it to the user's spam quarantine.  The one difference is that, rather than quarantining based on the recipient, we must quarantine based on the sender.

Spam notifications work the same way.  We already send notices to users about what spam they have in their spam quarantine; each notice is a list of messages with the subject line, sender and date sent.  They would then receive a similar notification for spam held in their outbound quarantine.

Advantages - reuses a lot of the existing infrastructure.  Spam is spam, no matter where it comes from so simply store and filter it the same way we do for inbound mail.  Doesn't require too many changes to the way we think about spam.

Disadvantages - the time delay is a major drawback.  We send spam quarantine notifications by default every three days, but a user can elect to receive them every day.  Still, a day's wait is completely unacceptable.  If you send a message and have to wait 24 hours to find out that your message was flagged as spam and not delivered, I would think you'd be infuriated (I know I would be).

This also requires changes to our spam quarantine - we have to store mail based on the sender instead of the recipient, and divide the quarantine into inbound and outbound.  Customers who don't have quarantine logins will have to talk to an admin to get their message released.  That would be an awful headache and I bet it would generate a ton of support calls.
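
To make the sender-keyed quarantine and the notification delay concrete, here is a small sketch added to this post as an illustration; it is not code from the filtering service described here. The domain list, class and function names, and sample messages are all assumptions made up for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

LOCAL_DOMAINS = {"example.com"}  # assumption: the domains we filter mail for


def is_local(addr):
    return addr.rsplit("@", 1)[-1].lower() in LOCAL_DOMAINS


def direction(sender, recipient):
    """Outbound = one of our users mailing someone outside our domains."""
    return "outbound" if is_local(sender) and not is_local(recipient) else "inbound"


class Quarantine:
    def __init__(self):
        # owner address -> direction -> held messages
        self.held = defaultdict(lambda: {"inbound": [], "outbound": []})

    def hold(self, sender, recipient, subject, sent):
        """File a spam-flagged message under the user who must be told."""
        d = direction(sender, recipient)
        # Inbound is keyed on the recipient, outbound on the sender.
        owner = (sender if d == "outbound" else recipient).lower()
        self.held[owner][d].append(
            {"subject": subject, "sender": sender, "sent": sent})
        return owner, d

    def digest(self, owner):
        """Notification content: subject, sender, date, split by direction."""
        return self.held[owner.lower()]


def next_notice(sent, last_digest, interval_days):
    """Time of the first digest that can mention a message held at `sent`."""
    t = last_digest
    while t < sent:
        t += timedelta(days=interval_days)
    return t


if __name__ == "__main__":
    q = Quarantine()
    sent = datetime(2024, 1, 1, 9, 5)  # constructed sample data
    print(q.hold("alice@example.com", "bob@partner.test", "Q3 invoice", sent))
    print(q.hold("promo@bulk.test", "alice@example.com", "You won", sent))
    last = datetime(2024, 1, 1, 9, 0)
    for days in (1, 3):  # daily opt-in and the three-day default
        print(days, "day digest, sender waits", next_notice(sent, last, days) - sent)
```

A message held five minutes after a digest goes out waits almost the full interval before its sender hears about it, which is the delay problem described above.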
