[anti-abuse-wg] New Abuse Information on RIPE NCC Website

Suresh Ramasubramanian wrote:

>
> and yes, outbound mail scanning is a widely recognized best practice

But this is in some countries or under some other regulations no option.

>
> no, it would not have helped in the Latvia case because the ISP in
> question was hosting botnet command and control sites, which don't tend
> to control bots or run telemetry over smtp.
>
> On Friday, June 21, 2013, Sascha Luck wrote:
>
>     On Fri, Jun 21, 2013 at 02:50:35PM +0200, peter h wrote:
>
>         A few providers actually prevent spam. Those won't show up in
>         listings.
>         To stay out of listings one has to be more then whining, one has to
>         actually prevent spam originating!
>
>
>     Just for the avoidance of doubt, are you arguing for the scanning of the
>     content of outgoing third-party email (aka Censorship) in order to avoid
>     landing on some blocklist?

There is a much easier way of finding botted PCs dialing into your own 
network without having to scan outgoing mail.

Lets say your dialin users are also having email services with you
and they already have a anti-spam system running along with those services.

Simply check incoming spam if they originate from your own dialin 
networks ;o)
If your big enough, its likely (its proofed that its working) that
your own customers receive spam from botted PCs that are also your
customers. If detected, call them and explain the problem, they
will love this service ...

This simply works because most botted PCs used to send out mail
also scan the address books of those users and the friends or
family or colleges tend to use the same provider.


Or: simply count the amount of mails coming out from dialin
IPs and look for unregular peeks ... that should be allowed
in most countries ...


Kind regards, Frank
>
>     rgds,
>     Sascha Luck
>
>
>
>
> --
> --srs (iPad)