EmailSafety.net - Antispam group outlines defenses to block botnet spam

Antispam group outlines defenses to block botnet spam

Anti-Spam Software

What is Spam?

Spam Laws

Spam Facts

User Tips

Common Email Scams

What Are Visuses?

Virus Prevention Tips

Anti-Virus Software

Basic Tips

Recent News

A major antispam organization is pushing a set of new best practices for ISPs (Internet service providers) to stop increasing volumes of spam from botnets.

The guidelines, from the Messaging Anti-Abuse Working Group (MAAWG), were drawn up at a meeting in Germany last week and deal with forwarded e-mail and e-mail that is sent from dynamic IP (Internet Protocol) addresses.

Many people forward their e-mail from one address to another, a relay that goes through their ISPs mail server. But many ISPs use automated tools that could begin blocking further e-mail to an address if a large volume of e-mail has come through. Legitimate messages would be blocked, too.

"If a spammer targets AOL, a lot of people have AOL addresses redirected somewhere else," said Richard D.G. Cox, CIO for Spamhaus, an antispam organization that's a member of MAAWG. "So if a whole lot of spam is coming out of AOL, people will block it on automated basis."

Related Content

ISPs can fix this by separating the servers that receive e-mail and ones that then forward e-mail. That way, ISPs can filter out spam coming into the accounts before forwarding, taking a look at the messages and spotting which ones came from dodgy domains, Cox said.

Also, servers receiving forwarded e-mail can be confident that the server where mail was sent from is trusted and legitimate. As of now, only a few ISPs are taking steps to fix the forwarding problem, Cox said.

"This is something we need a big takeup on," Cox said. "When everyone does it, more of us will benefit as well."

MAAWG's second recommendation deals with the long-standing problem of PCs that have been infected with malicious software that send spam.

The PCs are part of botnets, or networks of computers that have been compromised by hackers. After a PC is infected, it will often start sending spam through port 25 straight onto the Internet. That contrasts with legitimate e-mail, which usually goes through the ISP's mail server first before being sent on.

Many ISPs assign a different IP address to a subscriber's PC when they connect to the Internet, known as a dynamic IP address. Those infected machines on dynamic IP addresses aren't always automatically blocked by ISPs. Other receiving e-mail servers can block the particular IP address, but many malware programs are designed to reboot a PC in order to get assigned a fresh dynamic IP address from which to continue sending spam, Cox said.

The IDG News Service is a Network World affiliate.

Recent News:

· Feds draw a bead on Russian behind Mega-D botnet
· Ransomware Attack Resurfaces to Hold Files Hostage
· Adobe Reader X Makes PDF Files Safer
· PayPal Users Beware of Holiday Phishing Scam
· McAfee Reports Malware at All-Time High

Site Map | Recent News | Related Sites