> First ask which issue you want to solve, do you want to just filter or
> do you want to fix the customer end? See the list of questions in my mail.

Basically, you want to filter and protect yourself. You are an ISP, not a security
assessment company. Warn the customer and send them dos and don'ts about emails.

> Thus the case where an IP has sent spam and you already got an abuse report?
> Which was already, in part, harmed by the above, you already have an
> abuse report.

Yes, that's right. How else could it be?
That's the whole point of this message ;-)

> Do I understand correctly that you will have:
> { Hosting Network } ---> { SMTP cluster with filtering} -> { Internet }

Yes, that is about right.

> and do not allow any of the other IPs in the Hosting Network to send
> outbound SMTP? Depending on the type of customer (see the question in
> previous mail) they might not want to rely on your SMTP server for instance.

Sorry, but who cares? Either they use the setup you offer them, or they
have their own SMTP servers and the problem is no longer your technical responsibility.
If something happens, they are liable for it, period.
Out of scope for my request.

> SPAM / UCE / UBE is very well defined. 
> See for instance http://en.wikipedia.org/wiki/Spam_(electronic)
> and various other places.

Yes, now the question is how do you define the border between prospecting and spamming?
Not expecting an answer here, only a court ruling would have any value here.
I refer to customers who are sending UBE and are not even aware of it!

> Actually the exact same techniques apply it just depends if you want to
> invest money (hence the question about that) in if you want to educate
> them properly or not... (hence the question about how you contact them).

One must live in the Disneyland® realm to believe that providers educate their customers.
Back to earth please!

Anything to suggest so far, or are we just stuck in a loop of ping-pong email replies that will go nowhere?

Cheers,
 Gregory


On 25 January 2013 13:36, Jeroen Massar <jeroen@massar.ch> wrote:
On 2013-01-25 13:06, Gregory Agerba wrote:
> Hi Jeroen,
>
> Let's not start this email security discussion by being focused on the
> bottom line or by being cynical and say some network will not care. We
> all know that out there, that shouldn’t stop legitimate providers from
> getting their act together. Let’s keep rational and positive.

But that is the rational thing. One will never fully solve spam because
of it. Knowing your limits is a good thing.

> Personally, I have enough resources available for protecting my network
> regardless of a technology or a vendor, so I do not want to take the
> problem by assuming how much money do I have to put on the table.

The money I meant is also the portion that pays you and more importantly
the costs for contacting customers to mediate the problem causing why
they were sending spam in the first place...

Support/Helpdesk is what costs money too ;)

> The thing is, relying on a proprietary (fictional) protection appliance
> which filters SMTP at will, based on unknown decisions factors is
> probably not the way to solve issues and is probably not future-proof as
> the spammers tend to have a few smartass and they have their own
> ecosystems for acquiring new spam technology. However, if some do work
> brilliantly, with very little false-negative/false-positive overheads,
> why not give them a chance.

First ask which issue you want to solve, do you want to just filter or
do you want to fix the customer end? See the list of questions in my mail.

> Getting back to the business, let me describe the goal of my previous
> message and the current deployments we have to cover such problems. I do
> not talk about DPI deployment and I am solely trying to solve
> abused-SMTP usage.

Thus the case where an IP has sent spam and you already got an abuse report?

> The ultimate goal here is to protect IP reputation of
> servers.

Which was already, in part, harmed by the above, you already have an
abuse report.

> I do not want to filter dial-in, DSL, 3G network, but a Hosting
> network where the SMTP server will accept authenticated customers to send
> their emails as long as they have proper credentials.

Do I understand correctly that you will have:

{ Hosting Network } ---> { SMTP cluster with filtering} -> { Internet }

and do not allow any of the other IPs in the Hosting Network to send
outbound SMTP? Depending on the type of customer (see the question in
previous mail) they might not want to rely on your SMTP server for instance.

or what is the setup you envision?

> Let me describe what I call a spam in this case, because the word spam
> holds multiple definitions and multiple usages and hardly gets everybody
> to agree on its meaning.
[..]

SPAM / UCE / UBE is very well defined.

See for instance http://en.wikipedia.org/wiki/Spam_(electronic)
and various other places.

> We have two types of customers.
[... you force customers to use your SMTP server + filter ..]

> It is actually way harder to protect regular, simple, customer sending
> an email with his email client than protecting scripts and mass-mailing
> customers.

Actually the exact same techniques apply it just depends if you want to
invest money (hence the question about that) in if you want to educate
them properly or not... (hence the question about how you contact them).

These kinds of customers do not fit the above Hosting Network picture.

Greets,
 Jeroen