What is Outbound Spam Filtering?
Everything you need to know about preserving your mail server’s IP reputation.
Everyone knows about “inbound” spam filtering: that’s the technology that protects your inbox from spam and other malicious email traffic. But did you know that service providers and enterprises also need to pay attention to the spam exiting their network in the outbound direction?
In an effort to stop inbound spam from harming users, sophisticated reputation systems track the amount of spam coming from each IP address on the Internet. Systems block IP addresses that send too much spam, and rate limit those with questionable sending practices.
But what if the IP address you are using to send email becomes blocked because spammers have somehow managed to send spam through it? Outbound spam filtering addresses this challenge.
When you apply for a bank loan, the bank typically requests some personal identification, such as your name and social security number. This information uniquely identifies you within the credit reporting system, allowing the bank to view your credit history and to decide whether to give you a loan.
In the world of spam prevention, IP addresses are analogous to social security numbers. The IP address is the only reliable identifying information that email receivers can use to identify the responsible sender of each message. When multiple users send email through one mail server, email receivers on the Internet can’t trust anything other than the IP address of the mail server, because spammers can provide fake email addresses or even impersonate legitimate users.
However, an outbound spam filter can do a better job. Because the outbound spam filter is installed within your own network, you can program it to identify individual users based on their authentication credentials — for instance, whether they entered the correct password in order to send mail through the server. By tracking individual users, the outbound spam filter can identify spam-like behaviour on a user-by-user basis, and prevent spam from leaking out of the mail server’s IP address. This protects the mail server from becoming blocked by email receivers.
Outbound spam filtering involves more than just analyzing message content and rejecting the spam. A good outbound spam filter knows how to identify the actual sender of each message, and to record the long term behavior of each sender, looking for suspicious patterns of behavior. A good outbound spam filter also takes great care not to make mistakes, because mistakes hurt your own users, rather than someone else’s.
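The per-sender tracking described above, as an added sketch that is not taken from any vendor's product. The event fields, thresholds and sample data are assumptions constructed for illustration. It shows why the filter keys on the authenticated identity rather than the sender-supplied From address:

```python
from collections import defaultdict, deque, namedtuple

# One accepted submission as the outbound filter sees it. auth_user is the
# identity proven by SMTP authentication; mail_from is sender-supplied.
Event = namedtuple("Event", "ts auth_user mail_from rcpts rejected")

def build_sample_events():
    """Constructed data: alice is a normal user, bob's account is abused."""
    events = [Event(600 * i, "alice", "alice@example.org", 2, 0) for i in range(5)]
    # bob's credentials send 30 messages in 30 minutes, each with a different
    # forged From address and many recipients that the remote side rejects.
    events += [Event(60 * i, "bob", f"user{i}@example.com", 10, 4) for i in range(30)]
    return sorted(events)

def flag_senders(events, key, window=3600, max_rcpts=100,
                 max_reject_ratio=0.3, min_rcpts=20):
    """Return {sender: set(reasons)} using a sliding window per sender key."""
    history = defaultdict(deque)
    flagged = defaultdict(set)
    for ev in events:
        sender = key(ev)
        q = history[sender]
        q.append(ev)
        # Drop events that have aged out of the window (never the new one).
        while q[0].ts <= ev.ts - window:
            q.popleft()
        total = sum(e.rcpts for e in q)
        bad = sum(e.rejected for e in q)
        if total > max_rcpts:
            flagged[sender].add("volume")
        # Require a minimum sample so one bounced message does not flag a user.
        if total >= min_rcpts and bad / total > max_reject_ratio:
            flagged[sender].add("rejects")
    return dict(flagged)

if __name__ == "__main__":
    events = build_sample_events()
    print("by authenticated user:", flag_senders(events, key=lambda e: e.auth_user))
    print("by From address:      ", flag_senders(events, key=lambda e: e.mail_from))
```

Grouping by authenticated user attributes the whole burst to one account, while grouping by From address spreads it across the forged addresses and flags nothing.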
Outbound spam filtering solutions are available in a wide range of effectiveness, scalability and flexibility. When evaluating the capabilities of alternative solutions, here are 10 things to consider:
- 1) Will it work with your architecture? Does the solution provide transparent proxying capability to deal with unmanaged services like VPS and dedicated hosting machines, or with subscriber-type networks?
- 2) Does it scale? Outbound spam volume can dwarf inbound spam volume, with huge spikes in traffic that can disable poorly scaled systems.
- 3) Can you manage it centrally? Does the vendor provide a centralized management console that brings together configuration and analytics information from all of the systems in the cluster?
- 4) Analytics capabilities – does the solution offer comprehensive sender behavior analysis, as well as tools to help the administrator review sender behaviour and delivery results?
- 5) Can you customize it? Will you be able to write custom policy scripts or rules so that you can rapidly respond to unique attacks from within your infrastructure?
- 6) Does the vendor specialize in IP reputation management? Do they attend industry conferences such as M3AAWG and maintain relationships with large email receivers and blacklist operators?
- 7) Can the solution automatically notify you when an account appears to be compromised?
- 8) Can the content analysis system identify potential spam campaigns emerging from your network, in addition to well-known spam campaigns that are already in the wild on the Internet?
- 9) Does it let you track sender identity using sophisticated analysis of message headers?
- 10) Can you deploy quickly, and will the vendor be there to help you when something goes wrong?