Everyone’s network leaks

… Just try to plug it as best you can.

First off, let me preface this blog post by mentioning that I currently work for OpenSRS as a security specialist, and a part of my job function is to handle spam on our email platform. Ok, that said, let’s start.

Everyone has a spam problem. Be it a problem with receiving too much spam in their inbox, receiving too many false positives in their spam folder, or on the flip side, having their marketing mail show up as spam in their reader’s spam folders.

Everyone involved is working quite hard to figure out ways to help one another while maintaining some security for their end users. This is great. The problem is that there are still so many people who just don’t get it.

I replied to an email today on the Postfix mailing list, in response to a mail-admin’s question about how to set up the lightest possible anti-spam measures on their outbound relays. The vast majority of the replies indicated that the admin would have to employ some sort of deep content inspection tools like SpamAssassin and ClamAV. The terrible part was that the admin just didn’t get it.

Terry Zink has been writing some nice articles about outbound spam, and I recommend that you read them if you have ever, or will ever, sent mail via the Internet. He understands that the mail admin’s network is at the mercy of the platform’s customers, and of what those customers choose to send. The health of the cluster must come above the convenience of the user.

Like the email marketers of the world, we ISPs are also vulnerable to the wrath of other ISPs, and must explain to our customers why their mail is “taking forever” to deliver.

How do we deal with it?

We employ many of the same tactics that senders employ, including monitoring our inbox delivery rates, and paying close attention to our subscribed FBLs.

We don’t really fire our clients, as, say, an ESP could if they were sending plenty-o-spam, but we do take action against our accounts. We have to, otherwise our customers (not our users, but the people whose domains the email accounts exist under) wouldn’t know what their users are doing with their mail, or if there are hacked accounts that they’re responsible for.

Along with outbound spam/virus filtering, rate limiting of new accounts, and automatic suspension of accounts due to trusted external complaint sources, we’ve been able to successfully maintain a reasonably good reputation on our network.
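To make the last two controls concrete, here is an added example (my own illustration, not code from the original post or from OpenSRS) of how an outbound policy service can tie them together: a per-account sliding-window rate limit that is tighter for accounts younger than a few days, and a complaint counter that only trusted feedback-loop sources may drive, which suspends the account once complaints cross a threshold. The feed names, thresholds, window sizes and account names are all constructed for the example; the verdict strings are the Postfix access-policy actions DUNNO, DEFER_IF_PERMIT and REJECT so that the same logic could sit behind a policy daemon.

```python
from collections import deque
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Policy knobs; every value here is a constructed example, tune to your own traffic.
NEW_ACCOUNT_AGE = timedelta(days=7)          # younger than this counts as "new"
NEW_ACCOUNT_HOURLY_LIMIT = 50                # messages per sliding hour for new accounts
ESTABLISHED_HOURLY_LIMIT = 500               # messages per sliding hour afterwards
RATE_WINDOW = timedelta(hours=1)
TRUSTED_COMPLAINT_SOURCES = {"fbl:isp-a", "fbl:isp-b"}  # hypothetical FBL feed names
COMPLAINT_SUSPEND_THRESHOLD = 3              # trusted complaints within COMPLAINT_WINDOW
COMPLAINT_WINDOW = timedelta(hours=24)


@dataclass
class Account:
    name: str
    created: datetime
    sent: deque = field(default_factory=deque)        # timestamps of accepted messages
    complaints: deque = field(default_factory=deque)  # timestamps of trusted complaints only
    suspended: bool = False


def _prune(q: deque, now: datetime, window: timedelta) -> None:
    """Drop entries older than the window from the left of a timestamp queue."""
    while q and now - q[0] > window:
        q.popleft()


class OutboundPolicy:
    def __init__(self) -> None:
        self.accounts: dict[str, Account] = {}

    def register(self, name: str, created: datetime) -> None:
        self.accounts[name] = Account(name=name, created=created)

    def check_send(self, name: str, now: datetime) -> str:
        """Decide on one outbound message; returns a Postfix-style policy action."""
        acct = self.accounts[name]
        if acct.suspended:
            return "REJECT"                 # suspended accounts may not relay at all
        _prune(acct.sent, now, RATE_WINDOW)
        is_new = now - acct.created < NEW_ACCOUNT_AGE
        limit = NEW_ACCOUNT_HOURLY_LIMIT if is_new else ESTABLISHED_HOURLY_LIMIT
        if len(acct.sent) >= limit:
            return "DEFER_IF_PERMIT"        # over the rate: client retries later, queue stays small
        acct.sent.append(now)
        return "DUNNO"                      # no objection; let later restrictions decide

    def record_complaint(self, name: str, source: str, now: datetime) -> bool:
        """Record an FBL complaint; returns True if the account is now suspended."""
        acct = self.accounts[name]
        if source not in TRUSTED_COMPLAINT_SOURCES:
            return acct.suspended           # untrusted feeds never drive automatic action
        acct.complaints.append(now)
        _prune(acct.complaints, now, COMPLAINT_WINDOW)
        if len(acct.complaints) >= COMPLAINT_SUSPEND_THRESHOLD:
            acct.suspended = True
        return acct.suspended


def run_demo() -> dict:
    """Walk a new and an established account through the policy; all data is constructed."""
    t0 = datetime(2024, 1, 1, 12, 0, 0)
    policy = OutboundPolicy()
    policy.register("newbie@example.com", created=t0 - timedelta(days=1))
    policy.register("oldtimer@example.com", created=t0 - timedelta(days=400))
    results = {}

    # 51 messages within one hour from the one-day-old account: 50 pass, the 51st is deferred.
    verdicts = [policy.check_send("newbie@example.com", t0 + timedelta(seconds=i)) for i in range(51)]
    results["new_account_50th"] = verdicts[49]
    results["new_account_51st"] = verdicts[50]

    # The same burst from an established account stays under its higher limit.
    verdicts = [policy.check_send("oldtimer@example.com", t0 + timedelta(seconds=i)) for i in range(51)]
    results["established_51st"] = verdicts[50]

    # An hour later the new account's window has emptied and it may send again.
    results["new_account_after_window"] = policy.check_send(
        "newbie@example.com", t0 + timedelta(hours=1, seconds=51))

    # Complaints from an unknown feed are ignored for automatic action...
    for i in range(3):
        untrusted = policy.record_complaint("newbie@example.com", "fbl:unknown", t0 + timedelta(hours=2, minutes=i))
    results["untrusted_complaints_suspend"] = untrusted

    # ...but three complaints from trusted feeds inside 24h suspend the account.
    for i in range(3):
        trusted = policy.record_complaint("newbie@example.com", "fbl:isp-a", t0 + timedelta(hours=3, minutes=i))
    results["trusted_complaints_suspend"] = trusted
    results["suspended_send"] = policy.check_send("newbie@example.com", t0 + timedelta(hours=4))
    return results


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The deferral rather than rejection for rate-limited mail matters in practice: a legitimate user who bursts over the limit gets a temporary failure their client will retry, while a compromised account producing thousands of messages is throttled to the limit until the complaint feeds catch up and the suspension kicks in. Keeping untrusted complaint sources out of the automatic path avoids letting anyone who can forge a complaint suspend your customers' accounts.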

We do our best, but we must always remember that our network will leak. If you don’t keep an eye on it, then expect your queues to grow and the user complaints to start rolling in.