Q&A: Rebecca Steinberg Herson of Commtouch, on Outbound Spam

(WEB HOST INDUSTRY REVIEW) – The threat of inbound spam is widely understood, by service providers, of course, and by end users. Outbound spam, generated within a service provider’s own network, presents more serious problems. It can ultimately result in a provider being blacklisted, and can cause permanent damage to its reputation.

IT security solutions firm Commtouch (www.commtouch.com) recently commissioned Osterman Research to conduct the first-ever study on the effects of outbound spam.

Entitled “The Problem of Outbound Spam”, the report surveyed hundreds of service providers and email customers from around the world, asking them about their views on outbound spam.

Commtouch recently launched an Outbound Spam Protection solution, which stops spam in real time by detecting both spam generated within the service provider’s own network and global outbreaks, and which identifies the source of the outbound spam.

In an email interview with the WHIR, Commtouch VP of marketing Rebecca Steinberg Herson discusses the severity of outbound spam and how service providers can be more proactive in defending their networks from this growing problem.

WHIR: Why did Commtouch decide to commission this report?

Rebecca Steinberg Herson: We have been working with hosting providers and other service providers for many years, providing inbound anti-spam technologies. In discussions with our customers the issue of outbound spam arose; they expressed concern that they were increasingly facing blacklisting due to spammers exploiting their networks to send outbound spam, and they were having difficulty finding a solution. Many were spending more time and money on trying to solve the outbound spam problem than on their inbound anti-spam efforts, simply because the inbound issue had been around for a lot longer and the solutions are quite established.

WHIR: Why is outbound spam a growing cause for concern among service providers?

RSH: Outbound spam has serious implications for service providers, which are the reasons for concern. It can result in blacklisting, which leads to increased support and IT costs, damaged reputation, and customer dissatisfaction, as our research discovered. Spammers and malware distributors are constantly looking for clever ways to distribute their email messages over the Internet. Service providers that are not vigilant about closing off all communication avenues to these villains will find themselves spending more resources to explain why their customers’ legitimate mail was blocked from its recipient (the IP address had been blacklisted) and more time working on getting delisted from the blacklists and identifying the problematic accounts that were sending spam in the first place.

WHIR: How are ISPs, Web hosts and managed email providers trying to cope with the growing problem of outbound spam?

RSH: Service providers such as ISPs, Web hosts and managed email providers use multiple methods to try to cope with the problem. They include blocking port 25, reversing inbound anti-spam filters, throttling (setting limits on the emails sent per time period or the number of recipients) and IP analysis (blocking webmail users accessing from suspect IP addresses). Each of these methods has its own drawbacks, which can include high rates of false positives – i.e. legitimate messages that get blocked on their way out of the network – and excessive management overhead. And some are just ineffective against certain types of outbound spam; for example, blocking port 25 will block rogue MTAs such as zombies on the service provider network, but does not provide a solution to spam generated from compromised accounts or other techniques that exploit the service provider’s MTA.

WHIR: How does Commtouch’s Outbound Spam Protection solution prevent users from sending out spam and prevent them from being blacklisted?

RSH: Commtouch’s Outbound Spam Protection solution enables service providers to identify and block outbound spam caused by compromised user accounts, malicious users, and zombie computers. It relies on patented recurrent pattern detection technology, which analyzes billions of messages per day to identify outbreaks the moment they occur. The OSP solution includes local RPD technology to block locally generated spam unique to each service provider in real time, as well as to provide the identity of the spammer to the service providers’ abuse teams.

Outbound email is scanned by OSP for globally recurring spam patterns and locally recurring spam patterns. This spam pattern information is correlated with a sender’s traffic statistics, such as messages per period of time and spam/ham ratio. Once a sender reaches a certain threshold set by the service provider, the Commtouch solution can block the spam and alert the service provider with the sender address. Samples of the blocked emails can also be provided for analysis.

Recurring mail patterns are the one anti-spam method that a spammer cannot avoid. To be efficient, a spammer needs to send out many emails in a short time, from a bot or a compromised account, and it can only change each mail so much, meaning there will always be a pattern that can be picked out of the mails. RPD will be able to detect the patterns, whether they are locally created patterns or global patterns, making it virtually impossible to circumvent. It is also tamper proof – spammers cannot use RPD as a “test bed” (unlike, for example, SpamAssassin) since when they attempt to send large quantities of the same or similar message, RPD will immediately block them. In this way, Commtouch’s Outbound Spam Protection solution can help protect service providers’ reputation, save costs, reduce maintenance and improve customer satisfaction.
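The mechanism described in the two answers above (recurring-pattern detection, the throttling statistics mentioned earlier, and the per-sender threshold that triggers a block and an abuse alert) can be illustrated with a small monitor. The code below is an added example written for this page; it is not Commtouch’s RPD or OSP code, and Commtouch’s actual pattern technology is patented and not described here. It stands in for "recurrent pattern detection" with hashed word shingles over a normalized body, counts how often each shingle recurs on the local network, and correlates a pattern hit with the sender’s messages-per-window and spam/ham ratio before blocking. All thresholds, sender addresses and message bodies are constructed for the demo.

```python
import hashlib
import re
from collections import Counter, defaultdict, deque

# Hypothetical thresholds; a real deployment would tune these per provider.
WINDOW_SECONDS = 600          # rate window for the messages-per-period statistic
MAX_MSGS_PER_WINDOW = 30      # simple throttle limit
PATTERN_RECURRENCE = 5        # a shingle seen this many times locally counts as "recurring"
PATTERN_MATCH_FRACTION = 0.6  # message is a pattern hit if this share of its shingles recur
MAX_SPAM_RATIO = 0.5          # sender crosses threshold when this share of their mail hits patterns


def normalize(body):
    """Collapse the tokens a spammer typically varies (URLs, numbers, case, spacing)."""
    text = body.lower()
    text = re.sub(r"https?://\S+", "URL", text)
    text = re.sub(r"\d+", "N", text)
    return re.sub(r"\s+", " ", text).strip()


def shingles(body, k=3):
    """Hashed word k-grams: a crude stand-in for a recurrent-pattern fingerprint."""
    words = normalize(body).split()
    if len(words) < k:
        words = words + ["_"] * (k - len(words))
    return {hashlib.sha1(" ".join(words[i:i + k]).encode()).hexdigest()[:12]
            for i in range(len(words) - k + 1)}


class OutboundMonitor:
    """Tracks local pattern recurrence and per-sender traffic statistics."""

    def __init__(self):
        self.shingle_seen = Counter()                 # local recurrence across all senders
        self.sent_times = defaultdict(deque)          # per-sender timestamps inside the window
        self.stats = defaultdict(lambda: {"total": 0, "hits": 0})
        self.alerts = []                              # records handed to the abuse team

    def submit(self, sender, body, ts):
        """Evaluate one outbound message; returns the action taken and why."""
        sh = shingles(body)
        recurring = sum(1 for s in sh if self.shingle_seen[s] >= PATTERN_RECURRENCE)
        pattern_hit = recurring / len(sh) >= PATTERN_MATCH_FRACTION
        self.shingle_seen.update(sh)  # count after evaluating so the first copies are not self-matches

        times = self.sent_times[sender]
        times.append(ts)
        while times and ts - times[0] > WINDOW_SECONDS:
            times.popleft()
        st = self.stats[sender]
        st["total"] += 1
        st["hits"] += int(pattern_hit)
        ratio = st["hits"] / st["total"]  # share of this sender's mail matching recurring patterns

        # A bare throttle (rate alone) is the false-positive-prone method; here the rate
        # only counts against a sender whose message also matches a recurring pattern.
        over_rate = len(times) > MAX_MSGS_PER_WINDOW
        if pattern_hit and (ratio >= MAX_SPAM_RATIO or over_rate):
            reason = "rate" if over_rate else "recurring-pattern"
            self.alerts.append({"sender": sender, "reason": reason, "sample": body[:60]})
            return {"action": "block", "reason": reason, "ratio": round(ratio, 2)}
        return {"action": "deliver", "pattern_hit": pattern_hit, "ratio": round(ratio, 2)}


def run_demo():
    """Constructed traffic: one compromised account blasting near-duplicates, one normal user."""
    mon = OutboundMonitor()
    template = "Buy cheap watches now at http://example.invalid/{n} only {p} dollars limited offer"
    actions = []
    for i in range(12):  # each copy varies the URL and price, but normalizes to one pattern
        actions.append(mon.submit("alice@example.invalid", template.format(n=i, p=10 + i), ts=i * 5)["action"])
    for i, body in enumerate(["Hi Bob, lunch tomorrow?", "Attached is the Q3 report draft", "Thanks for the update"]):
        actions.append(mon.submit("carol@example.invalid", body, ts=100 + i)["action"])
    return actions, mon.alerts


if __name__ == "__main__":
    acts, alerts = run_demo()
    print(acts)
    for a in alerts:
        print("ALERT", a)
```

In the demo the compromised account is delivered for the first copies, because nothing recurs yet, and is blocked once the pattern has recurred often enough that half of its mail is pattern hits; the alert carries the sender address and a sample of the blocked message, which is the hand-off to the abuse team the answer describes. The normal user’s three distinct messages are never affected.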

WHIR: What are some examples of web hosts that are currently using Commtouch’s Outbound Spam Protection solution?

RSH: Some service providers that use the solution include Hostway, MXSweep, Rediff.com, and TTAsia.