PlusNet, Spam, and the MAAWG

Many of you will have seen the article on the BBC's news site, and some may have seen the article on the ISP review. I was fortunate enough to have attended the MAAWG (Messaging Anti-Abuse Working Group), Heidelberg conference, where this particular item was discussed, as were many other items. One hot topic was DKIM (DomainKeys Identified Mail) which is being developed to replace other flawed email signing systems. Once fully implemented DKIM will not solve the spam issue, as it only ever allows us to rate the reliability of the source, and not the content. However, it is one more weapon in the arsenal that should help to trap the Phishing posts. Yes, we have heard the same thing in the past from AOL and Yahoo when they developed their own systems, but now they are working together on an IETF (Internet Engineering Task Force) implemented system. This is something we should all support, not just because its independent, but it is based on the experience of two of the biggest email operators in the world. Therefore, expect us to push to make sure DKIM is fully supported in our incoming email solution, and once DNS has been updated I hope to be able to get it offered on the out going channel too. Out going email is a priority for us, after the long needed update to webmail. Only by eliminating the spam leaving our network can we hope to avoid the issues which arise from our IPs being placed on RBLs, or bad reputation lists. In practice we will never totally stop spam from our network, but it is a goal worth striving for. Yes, this will mean that at some time we will have to block port 25 on the out bound, but not until we put into place methods to avoid problems for our customers that run email servers. I believe we strike the right balance and can create an email platform which offers more freedom to our customers, while also locking out those which attempt to abuse it. Also at the MAAWG I had the opportunity to talk to several people from Spamhaus, including the CIO Richard Cox. Though we do have one issue to be looked into, generally they do not currently see us as one of the bad ISP's. This is promising, but should be seen as a foundation on which we need to improve. Any instances of our IPs being on a black list causes us all problems that are generally avoidable. From the reputation list side I also got to talk with ReturnPath. Though they can not offer us an advantage at the moment with us using Postini, it was worth talking with them so as to get an idea of how we can be a better network provider. Talking about stopping the spam that is generated on our network; one of the most interesting presentations given at the MAAWG was that which dealt with web hijacking. Web hijacking involves gaining access to a web sites file system, and adding an IFRAME to an existing page. That page then displays in the web browser just like it did before, but now also transparently goes off to another site to download a process which attempts to break into your machine. One of the most frightening stats presented was that the current anti virus systems quite often miss this type of attack. WebWasher, and Kaspersky offered some of the best hit rates, but even left quite a few people open to exploitation. Having said this, it is obvious that having no protection is not an option. Everyone needs to have antivirus software, and don't rely on others to do the detection for you as the more layers between you and the attackers the better the chance is that you will not be an unwitting member of a botnet. Hopefully the Heidelberg MAAWG will not be my last. There are many benefits to be gained from attending such meetings, and should allow PlusNet to get in front of the rolling wave which is spam. -- Geoff Mitchell