On 2013-01-25 13:06, Gregory Agerba wrote:
Hi Jeroen,
Let's not start this email security discussion by being focused on the bottom line or by being cynical and saying some networks will not care. We all know that is out there; that shouldn’t stop legitimate providers from getting their act together. Let’s keep rational and positive.
But that is the rational thing. One will never fully solve spam because of it. Knowing your limits is a good thing.
Personally, I have enough resources available for protecting my network regardless of a technology or a vendor, so I do not want to take the problem by assuming how much money I have to put on the table.
The money I meant is also the portion that pays you and more importantly the costs for contacting customers to mediate the problem causing why they were sending spam in the first place...
Support/Helpdesk is what costs money too ;)
The thing is, relying on a proprietary (fictional) protection appliance which filters SMTP at will, based on unknown decision factors, is probably not the way to solve issues and is probably not future-proof, as the spammers tend to have a few smartasses and they have their own ecosystems for acquiring new spam technology. However, if some do work brilliantly, with very little false-negative/false-positive overhead, why not give them a chance.
First ask which issue you want to solve, do you want to just filter or do you want to fix the customer end? See the list of questions in my mail.
Getting back to the business, let me describe the goal of my previous message and the current deployments we have to cover such problems. I do not talk about DPI deployment and I am solely trying to solve abused-SMTP usage.
Thus the case where an IP has sent spam and you already got an abuse report?
The ultimate goal here is to protect IP reputation of servers.
Which was already, in part, harmed by the above, you already have an abuse report.
I do not want to filter dial-in, DSL, 3G network, but a Hosting network where the SMTP server will accept authenticated customers to send their emails as long as they have proper credentials.
Do I understand correctly that you will have:
{ Hosting Network } ---> { SMTP cluster with filtering} -> { Internet }
and do not allow any of the other IPs in the Hosting Network to send outbound SMTP? Depending on the type of customer (see the question in previous mail) they might not want to rely on your SMTP server for instance.
or what is the setup you envision?
Let me describe what I call spam in this case, because the word spam holds multiple definitions and multiple usages and hardly gets everybody to agree on its meaning.
[..]
SPAM / UCE / UBE is very well defined.
See for instance http://en.wikipedia.org/wiki/Spam_(electronic) and various other places.
We have two types of customers.
[... you force customers to use your SMTP server + filter ..]
It is actually way harder to protect a regular, simple customer sending an email with his email client than protecting scripts and mass-mailing customers.
Actually the exact same techniques apply, it just depends if you want to invest money (hence the question about that) in if you want to educate them properly or not... (hence the question about how you contact them).
These kinds of customers do not fit the above Hosting Network picture.
Greets, Jeroen