Spam Prevention for ISPs

Measures that ISPs and other networks can use to stop spam, aside from filtering and lawsuits, involve taking care of the systems and networks that the organisation controls, ensuring that abuse is traceable, containable and quenchable.

Anti-Spam Best Practice
Outbound Spam
Anti-Spam Acceptable Use Policies
Handling Abuse Reports

Anti-Spam Best Practice

Getting your own house in order is an essential step in preventing spam.

General Anti-Spam Best Practice
Traceability Best Practice

General Anti-Spam Best Practice

Spamhaus ISP Spam Issues - www.spamhaus.org/faq/answers.lasso?section=ISP%20Spam%20Issues
Good Practice for Combating Unsolicited Bulk Email - www.ripe.net/ripe/docs/spam.html
Combating UBE - www.linx.net/good/bcp/ube-bcp-v2_0.html
Self-Regulatory ISP Anti-Spam Initiative - www.user-groups.net/safenet/UCE/index.html
Best Current Practice for Duty of Care of Internet Resources - www.camblab.com/misc/univ_std.txt
MAAWG Best Practices - www.maawg.org/about/publishedDocuments
Best Current Practice Subgroup of the ASRG - asrg.sp.am/subgroups/bcp.shtml
Recommended Best Practices for ISPs - www.ic.gc.ca/eic/site/ecic-ceac.nsf/eng/gv00329.html
Email Submission Between Independent Networks - mipassoc.org/spamops/
Anti-Spam Technical Alliance Proposal - postmaster.aol.com/asta/proposal.html
Using Early Results from the 'spamHINTS' Project to Estimate an ISP Abuse Team's Task - www.ceas.cc/2006/16.pdf
Security and Anti-Spam Measures of Electronic Communication Service Providers - enisa.europa.eu/doc/pdf/deliverables/enisa_security_spam.pdf
Anti-Spam for SMTP - www.faqs.org/rfcs/rfc2505.html
ISPA BCP on Unsolicited Bulk Email (spam) - www.ispa.org.uk/home/page_364.html
Email Submission Operations: Access and Accountability Requirements - carlhutzler.com/blog/2007/11/08/rfc-5068/
Alerting users that their PCs are compromised - jc.ngo.org.uk/blog/2007/01/09/alerting-users-that-their-pcs-are-compromised/
Best Practices for ISP's and Network Operators - www.linuxmagic.com/opensource/anti_spam/bestpractices
Best Practices: Information for Email and Network Operators - www.linuxmagic.com/best_practices/

Traceability Best Practice

LINX Best Current Practice – Traceability - www.linx.net/good/bcp/traceability-bcp-v1_0.html
The Limits of Traceability - www.cl.cam.ac.uk/~rnc1/The_Limits_of_Traceability.pdf

Outbound Spam

Ways that ISPs can prevent spam from emanating from their networks, or make it easier for recipients to deal with it if it does happen.

Email Forwarding
Outbound Spam Filtering Overviews
Outbound Spam/Malicious Traffic Filtering Products
Managing Dynamic IP Ranges
Secure your Systems

Email Forwarding

Email Forwarding Best Practices - www.maawg.org/about/publishedDocuments/MAAWG_Email_Forwarding_BP.pdf

Outbound Spam Filtering Overviews

Along with traceability, comes the ability to influence, or alter, the ability of your customers to abuse network resources. Extrusion Detection is the inverse of the now-popular Intrusion Detection; by paying attention to the actions of your customers, you maintain the health of your network's reputation and operating capability. Outbound Throttling or Egress Filtering allows you to mitigate the impact of a spammer or worm infection on your network, so reducing the ill effects, before your abuse reponse can take effect.

Non-Accountable-User bulk-mail throttling - www.templetons.com/brad/spam/block.html
Stopping Spam by Extrusion Detection - www.ceas.cc/papers-2004/172.pdf
Stopping outgoing spam - research.microsoft.com/en-us/um/people/joshuago/outgoingspam-final-submit.pdf
Stopping Spam by Extrusion Detection - www.cl.cam.ac.uk/~rnc1/extrusion.pdf
ISPs forced to take action on viruses - news.zdnet.co.uk/security/0,1000000189,39149411,00.htm
Assessing the Impact of Spam Zombies on Broadband Service Providers - www.cisco.com/en/US/products/ps6150/products_white_paper0900aecd802571d2.shtml
Throttling Outgoing Spam for Webmail Services - www.ceas.cc/papers-2005/164.pdf
spamHINTS - www.spamhints.org/ - research into traffic analysis to detect spam
Using E-Mail Social Network Analysis for Detecting Unauthorized Accounts - www.ceas.cc/2006/17.pdf
Token Buckets for Outgoing Spam Prevention - spam.ani.univie.ac.at/files/cnis05.pdf
MAAWG Best Practices for the use of a Walled Garden - www.maawg.org/about/whitepapers/MAAWG_Walled_Garden_BP_2007-09.pdf
Tenable Network Security — Detecting Spam From Inside your Network - blog.tenablesecurity.com/2007/05/detecting_spam_.html
Tenable Network Security — Passive SPAM Traffic Analysis - blog.tenablesecurity.com/2007/10/passive-spam-tr.html
Categories of problems in outbound spam - blogs.msdn.com/tzink/archive/2008/11/17/categories-of-problems-in-outbound-spam.aspx
Thwarting E-mail Spam Laundering - www.cs.wm.edu/~mjxie/papers/dbspam.pdf
An Effective Defense Against Email Spam Laundering - www.cs.wm.edu/~hnw/paper/ccs06.pdf
Not a great week for outbound spam - blogs.msdn.com/tzink/archive/2010/03/05/not-a-great-week-for-outbound-spam.aspx

Anti-Spam Acceptable Use Policies

An effective acceptable use policy can help to deter spammers. Your AUP is an essential tool in cutting off the account of a spammer who is operating from your ISP.

Acceptable Use Policies - www.spamhaus.org/aups.html
Acceptable Use Policies - spam.abuse.net/adminhelp/account.shtml
AOL AUP - legal.web.aol.com/aol/aolpol/ube.html

Handling Abuse Reports

Handling abuse reports correctly and swiftly can greatly aid in the prevention and detection of abuse of your network. These products are built to allow that process to take up the minimum of resources, allowing your abuse staff to spend their time taking action instead of wading through mail.