Terry Zink's Cyber Security Blog

Discussing Internet security in (mostly) plain English

Outbound filtering - part 6


At this point, I hope I have made my point that the question of outbound filtering is non-trivial. I'm not particularly keen on treating inbound mail the same as outbound mail (i.e., scan, filter, deliver or quarantine) because of the time delay. Ideally, I'd like a bounce to be instantaneous.

On the other hand, I've never been entirely comfortable with the challenge/response model. However, I suppose in this case, we are only challenging on messages that we have identified as spam and then providing the user with a workaround to force their message through. But on the other hand, a clever spammer who wanted to target us and one of our customers who uses this for outbound could conceivably game the system.

It looks like a more complicated solution to the problem will be the one that we will pursue. Unfortunately, a more complicated solution will involve a bunch of changes to the hardware infrastructure. It's not necessarily a bad thing but it will take forever to get it out the door (Microsoft development cycles take an eternity... PM spec, dev spec, test spec, coding phase, test phase, staging, stabilization, release-to-operations which is itself another eternity... and only then is the product out the door).

So, internally here, the discussions continue but it looks like we are starting to converge on a strategy (at least for now... I have another wider meeting with more people on Wednesday so things could change).  My hope in this series of posts was to provide a little bit of insight into how tech decisions are driven in my division when I am in charge of the feature.

  • Sure, spammers would be able to game the system when they personally sit and watch the bots they're controlling: Oh, this bot got some quarantine notifications from its original owner's ISP, so let's open Internet Explorer on the machine, log into the original owner's account on their ISP, game the ISP's quarantine system, and hope the original owner doesn't notice while we do all this, to send our spams out from the machine.

    I bet you this would reduce the amount of spams sent from bots.
