ISP Outbound Filtering

bfayne_ironport · ‎07-24-2007

How do you handle outbound spam?

Most ISPs can't afford to just let outbound email go completely unfiltered for fear of being blacklisted.

It has been suggested that many ISPs do not perform outbound spam filtering.

What do you do?

Donald Nash · ‎07-25-2007

None of those options cover what we do. We require SMTP authentication to send mail through our mail servers (and TLS to protect the passwords, of course), which has so far proven effective at stopping any bots from sending spam through our servers. We don't do outbound port 25 blocking, so direct-to-victim spambots could conceivably do some damage. But we have a good security group who spot and quarantine compromised systems very quickly.

Since we're a university rather than an ISP, our only "customers" are students, faculty, and staff. Therefore we don't often have users who go rogue and start spamming. Those who do get caught pretty quickly.

Our biggest blacklisting problem has been from AOLusers who click the "this is spam" button on legitimate mail that happens to come from or through us.

tminchin_ironport · ‎07-26-2007

we just block port 25 with a firewall rule. It used to be fairly effective for identifying SMTP worms (as they'd light up the ACL rejections) but these days it's pretty quiet - mostly people who have VPN'ed in and left their email system running.