[SAGE] ISP class egress anti-spam filtering



Last night at the LISA anti-spam BoF I brought up a discussion that I would like to move to this list:

First I should ask:  Are there any free open source ISP class egress anti-spam filtering solutions out there that anyone has ever utilized?  I've seen some links to a handful of vendors doing this in general, but haven't looked too closely.

I believe this problem space is relatively unexplored, and I would suggest to this group of people that this is the next frontier on the anti-spam war that we should collectively work towards.

A free, open source, relatively easy to deploy tool named SpamAssassin came along a number of years ago and launched a revolution in ingress spam filtering technologies, and we now have many, many wonderful tools at our disposal that help reduce the flood of bad coming into our networks.  What I would love to see is a similar revolution occur with egress filtering.

The problem space is really quite different from ingress filtering, and while some of the techniques carry over, there are some very important differences that need to be explored and best practices established for dealing with.  In ingress filtering you know the destination, so you can simply quarantine those dubious messages for users to review - in egress filtering you don't necessarily have a clue who the sender is (which is a core part of the problem obviously).  What is the best way to deal with this?  There are many other challenges relating to egress filtering, and we collectively desperately need better answers to these problems.

The main discussions on this topic relate to egress filtering for a single enterprise - and while useful for those cases they just don't apply for ISPs.  As an administrator for a regional ISP I know the tools that we use to sort-of deal with egress filtering, and it strikes me that it feels a whole lot like the same ad-hoc weak approach that we used for ingress filtering before SpamAssassin came along.

I'm hoping this message grabs the interest of someone with the skills + time to start tackling this problem.  

The theory I am operating on is that egress filtering could follow the same path as ingress filtering - the introduction of a free open source solution that was relatively easy to deploy started a revolution so that now everyone does it.  If it were easy for ISP operators to truly police their users then we would do it.  If high quality egress filtering were ubiquitous and relatively inexpensive it would become far easier to hold ISPs accountable if they weren't doing this.


Neil Neely
Senior Systems Engineer
FRII
neil@frii.com