

keith2468
Premium,MVM
join:2001-02-03
Winnipeg, MB

How To Tackle Blacklisting

As Steve points out, SPEWS (and other blacklist outfits) start out by blacklisting the actual source IPs of spam. If spam occurs much more frequently than is typical on a range of IP addresses, then they move to blacklisting that range of IP addresses.

The ISP is in control of this process. If the ISP investigates and terminates spamming customers, and helps customers with victimized computers secure them, the ISP will have industry average levels of spam and not be blacklisted.

ISPs have 3 main options in how to tackle this:

1. ISPs can tell their customers they don't care about security, that they don't care if the customers of other ISPs are spammed, and that they consider security to be a waste of profits. They can tell their customers to be satisfied that they can at least email each other.

2. ISPs can spend big bucks to manually tutor customers in cleaning infected machines and chasing spammers from their customer lists.

3. ISPs can use automated tools:

a) To filter infected email attachments and spam as it passes through their email servers (some of which links to infectious sites) inbound to their customers. (Customers should be able to alter the filter settings by themselves, but the filters should default to "on" for new customers.)

b) To detect and block scanning IPs (infected machines) trying to infect their customers. (Monitored decoy IP addresses would be one way to do this. Have 1000 decoy IP addresses quietly listening in their address space, and place a 24 hour block on any source IP that hits more than 5 or 10 of them in a 12 hour period.)

c) Promote software firewall, anti-malware and anti-viral software to their customers in their installation procedures, customer info update emails, and customer support website.

Maybe even arrange discount pricing for customers with the vendors on the basis that:

(i) An uninfected customer costs you less to service and support than an infected customer.

(ii) If customers are running software your support staff are familiar with, they cost less to support.
--
(Virus&Hijacking FAQ + Submit suspected malware + Backups FAQ + Security FAQ TOC)
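
The decoy-address rule from item 3(b) of the post above, sketched as an added example that is not part of the original post or any poster's code: it counts the distinct decoy addresses each source touches in a sliding 12 hour window and places a 24 hour block once the count exceeds the threshold. The log format, the addresses (documentation ranges), the threshold of 5 and the names `sample_log` and `find_blocks` are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(hours=12)     # observation period named in the post
BLOCK_FOR = timedelta(hours=24)  # block length named in the post
THRESHOLD = 5                    # block a source that hits MORE than this many decoys
# Assumption: decoys are one unused documentation range, not a real allocation.
DECOYS = ipaddress.ip_network("198.51.100.0/24")

def sample_log():
    """Constructed records, 'ISO-time source-IP destination-IP', sorted by time."""
    t0, rows = datetime(2012, 5, 27), []
    for i in range(6):   # scanner: 6 different decoys in 50 minutes
        rows.append((t0 + timedelta(minutes=10 * i), "203.0.113.7", f"198.51.100.{10 + i}"))
    for i in range(8):   # one stray host retrying a single decoy
        rows.append((t0 + timedelta(minutes=5 * i), "203.0.113.9", "198.51.100.10"))
    for i in range(6):   # 6 different decoys, but spread over 25 hours
        rows.append((t0 + timedelta(hours=5 * i), "203.0.113.20", f"198.51.100.{50 + i}"))
    rows.append((t0, "203.0.113.30", "192.0.2.25"))  # not a decoy address
    return [f"{ts.isoformat()} {src} {dst}" for ts, src, dst in sorted(rows)]

def find_blocks(lines, decoys=DECOYS, threshold=THRESHOLD):
    """Return (source, blocked_from, blocked_until) for each block placed."""
    hits = defaultdict(deque)    # source -> (time, decoy) pairs inside the window
    blocked_until, blocks = {}, []
    for line in lines:
        stamp, src, dst = line.split()
        ts = datetime.fromisoformat(stamp)
        if ipaddress.ip_address(dst) not in decoys:
            continue             # ordinary traffic is ignored
        if blocked_until.get(src, datetime.min) > ts:
            continue             # source is already blocked
        recent = hits[src]
        recent.append((ts, dst))
        while ts - recent[0][0] > WINDOW:
            recent.popleft()     # forget hits older than 12 hours
        # Count distinct decoys so repeated hits on one address do not trigger a block.
        if len({decoy for _, decoy in recent}) > threshold:
            blocked_until[src] = ts + BLOCK_FOR
            blocks.append((src, ts, ts + BLOCK_FOR))
            recent.clear()
    return blocks

if __name__ == "__main__":
    for src, start, end in find_blocks(sample_log()):
        print(f"block {src} from {start} until {end}")
```

Only the source that reaches six different decoys inside the window is blocked; the host retrying one decoy and the host whose hits are spread over 25 hours stay below the threshold.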


sweintz
Premium
join:2002-03-01
Chester, CT

said by keith2468:

As Steve points out, SPEWS (and other blacklist outfits) start out by blacklisting the actual source IPs of spam. If spam occurs much more frequently than is typical on a range of IP addresses, then they move to blacklisting that range of IP addresses.

The ISP is in control of this process. If the ISP investigates and terminates spamming customers, and helps customers with victimized computers secure them, the ISP will have industry average levels of spam and not be blacklisted.

ISPs have 3 main options in how to tackle this:

1. ISPs can tell their customers they don't care about security, that they don't care if the customers of other ISPs are spammed, and that they consider security to be a waste of profits. They can tell their customers to be satisfied that they can at least email each other.

2. ISPs can spend big bucks to manually tutor customers in cleaning infected machines and chasing spammers from their customer lists.

3. ISPs can use automated tools:

You forgot option 4, which I consider to be the best approach of all - quickly suspend any account that is causing spam complaints. If the account is found to be doing any kind of deliberate mass mailing, whether or not they claim it is "opt-in" or not, IMMEDIATELY and PERMANENTLY terminate the account.

If it appears to be a trojaned/zombied machine, then give the user 1 (and only one) chance to clean it up. If it generates another complaint after you re-enable the account, then IMMEDIATELY and PERMANENTLY terminate the account.

over 12.5 years online © 1999-2012 dslreports.com.