Re: ISP wants to stop outgoing web based spam

[Florian Weimer <fw () deneb enyo de>]

* Hank Nussbacher:

> I guess I wasn't clear enough in my first posting.  I am not
> interested in smtp (port 25 spam).  We have that covered.  I am only
> interested in blocking outgoing web based spam.  A user sits and sends
> out spam via automated tools via Hotmail, Yahoo, Gmail, or whatever
> Webmail system where they have set up thousands of throwaway users.
> An antispam proxy (that I want to install and manage) has to be able
> to come between the user on his/her PC and the Hotmail system and scan
> the http posts and page templates for things like number of receipents
> and other tricks like keeping track of the number of http posts.  It
> has to maintain a list of known free webmail systems that are abused.

Your are tackling this from the completely wrong angle, I think.

You should look after the automated tools (probably using a virus
scanner or something like this) and trigger a covert alert once they
are detected.  If the spam sent out is of the right kind, you can
phone the police and have the guy arrested.

This assumes that the miscreants actually visit the Internet cafe.  If
the spamming is purely malware-based and non-targeted, the spamming
problem simply disappears once you get rid of the malware problem.