On January 26, 2011, CEO Ken Simpson gave a talk on outbound spam filtering for the BeanSprout Web Host Showcase.
There are two main drivers for outbound spam filtering at VPS hosts. First, improving IP address space reputation so that VPS customers will be able to reliably deliver email to the rest of the Internet. And second - and more importantly - reducing the number of fraudulent accounts that are set up in their system.
Here is the entire transcript:
Earlier this month, I logged on to the Cisco SenderBase web site, which keeps track of all the spam that is sent to Cisco IronPort customers worldwide. IronPort processes well over a billion email messages a day for tens of thousands of companies worldwide.
SenderBase keeps a list of the top 100 worst spam sending IP addresses. For each IP address, it shows the network owner of that IP address. I downloaded the data as an Excel file, popped it into a Pivot Table, and grouped by network, summing up the millions of spam messages per day reported by SenderBase for each IP address.
The result: Most of the world’s large spam sources are hosted by hosting companies.
Virtualization makes spamming as easy as 1 2 3. The first step is to acquire a VPS account. Spammers use stolen credit card credentials that they obtain from online card number trading sites to buy VPS server capacity.
Armed with a login, they install their spam sending software and begin blasting away. We sometimes see a single VPS instance sending up to 8,000 new SMTP connections per second. VPS operators often don’t find out about a spamming account until the credit card firm issues a chargeback notice, or until their IP space has been blacklisted – but we’ll get to that in detail later.
Finally, the IP address of the VPS appears on multiple RBLs or blacklists. Email delivery from the particular VPS is hampered enough that the spammer abandons the account.
And the process repeats itself. It’s really hard to identify spammers because of their use of proxies and stolen credit cards.
So preventing them from signing up in the first place is next to impossible. You really have to deal with the aftermath of fraudulent signups, which implies being able to monitor the spam coming out of their accounts.
The cost of spamming to a VPS operation increases as the number of spammers increases. When a new VPS service opens, the level of account fraud and spam may initially be relatively low. This low level of fraud generates a small amount of blacklisting, and email delivery for all users is quite reliable.
As more spammers take up residence in the VPS service, the number of blacklist entries increases. Email receivers like Yahoo, Google, AOL, and Hotmail begin to place limits on the amount of email they will tolerate from your IP space. Meanwhile, the costs associated with credit card chargebacks increase.
If you don’t get the spam problem under control, basically the whole Internet blocks your network from sending email. This is what happened to Amazon web services, who in 2009 were listed on two very prominent blacklists: Spamhaus and Trend Micro’s MAPS list. You basically can’t deliver email from Amazon anymore.
Our solution for VPS and dedicated hosting providers is to offer a transparent spam filtering system that integrates with your hosting network. You configure your routers to redirect email traffic through a small number of machines running our software.
We scan the email, block the spam, and send you trouble tickets whenever one of your customers appears to be spamming.
This enables you to break the spamming cycle by quickly shutting down spammer accounts, and limiting the amount of damage they can do to your IP reputation.
This slide shows what we were able to do for an ISP in Asia into whose network we installed our software. Within 72 hours of installing, the number of blacklist entries on the UCEProtect blacklist was reduced by 40%. This is an amazing result.
Coming soon to OnApp
Does your VPS offering filter outbound spam?