Browse by Tags
All Tags »
Reputation (RSS)
A couple of months ago, I posted a one-day snapshot of how much spam we see from individual botnets. I’ve been keeping track since July 29 on the biggest ones that have names, and only for IPs that get past our RBLs. At the time of my first
Read More...
Results Forefront Online (ie, us) has come a long way in reclaiming its outbound reputation. The question now is this – has it worked? I will report on some anecdotal evidence. The Good To determine whether or not we have gotten better, I prefer to check
Read More...
Continuing on in my 9 part series , the process of mitigating an outbound spam problem occurs in a two-fold manner. Usually they are mutually exclusive, but one can lead to the other. Cutting off mail only for the offending email address This is the default
Read More...
Last week, I commented on the the Gmail/Hotmail/Yahoo username and password leak. The question we now ask is whether or not we are seeing an increased amount of spam from those services. The folks from All Spammed Up recently posted that various
Read More...
Islands Islands are named that way because their appearance looks like an island – a time zone infraction in which the middle sticks out above the others. Another term for this pattern is the head-and-shoulders pattern. Islands are the most ambiguous
Read More...
Mountains A mountain pattern is when each subsequent monitoring of an outbound spam problem is worse than the previous time. It looks like you are climbing a mountain. Once a threshold is crossed, an alert is generated. Mountains generate the most obvious
Read More...
Pattern Detection and Noise Reduction The amount of noise inherent in outbound spam detection is high. End users will routinely mark messages as spam that aren’t actually spam. An example of this would be company billing reports; these are not spam but
Read More...
Monitoring FOSE has implemented a lot of different mechanisms to mitigate the spam problem. These include, but are not limited to, the following: Routing all mail from non-customer domains that is marked as spam through the NDR pool. Changing (1) and
Read More...
Option 3 - Keep track of the mail disposition and cut off the entire organization This was one of the original ideas proposed to solving the outbound spam problem. The idea is to filter the mail and write the disposition (spam vs non-spam) to an
Read More...
Options Since outbound spam was poisoning our reputation, we decided that there were two angles we had to approach: Disable customers from using our outbound service when we detected they were spamming. Neutralize the effects of their spam so that other
Read More...
This is the second part of a paper that I presented at Virus Bulletin. Check out their web page here . Outbound Mail The basic assumption for outbound mail is that the people sending it are sending legitimate content. The problem is that this is
Read More...
The following document is part of a paper that I presented at Virus Bulletin in Sept, 2009, in Geneva. It outlines the process that my team has iterated over to clamp down on the problem of outbound spam. How To Reclaim Your Sender Reputation Background
Read More...
When doing IP reputation, generally speaking when you do an IP check, you usually do it on the connecting IP. The assumption is that the IP sending the mail directly is the one responsible for the IP reputation. There are exceptions, of course,
Read More...
One of our spam analysts saw the following spam today: http://www.facebook.com/notes.php?id=xxxxxxxxxxxxx AldLif tedHisCh in AndNarro wedHisE yes."Th eZenshi aVa r iationS ays,' AFr iendWho Cannot BeRe lie dUponI sWo rseTh an AnEnemy. '" Flo
Read More...
Today, out of curiosity, I decided to take a look at which botnets were sending us spam and then doing a breakdown of highest offending botnets. This is a simple snapshot and not necessarily representative of our entire network. Since we block so
Read More...
