#1
stop outgoing spam from server
Hi,
I got a problem here. I have a webmail service that provides free webmail to our members using IMP/Horde, but we have some people signing up and using our service to send out spam. How can I stop this? I can't ban by IP, and just deleting the account won't help because they will create a new one. Or could someone be using our SMTP as a relay? How do other webmail services stop this? Thanks, edwin
__________________
I know nothing
#2
You need to get hold of the documentation for your mail server and check to make sure that you have restricted the IP addresses that you allow to relay mail. In addition, find out which IP address the spam user connects from, as well as the date and time (check your web logs), and report them to the people who manage their network. Use the following link along with the spam user's IP address to track down the email address for the network admin.
http://www.arin.net/
Your other option is to confirm that the IP address is only being used by that one individual, then, based on the IP address, redirect them to a special web page using some CGI or script which says the following: "You are currently under investigation for abusing this service. You will be contacted by the authorities if the abuse continues or at the end of the investigation".
#3
OK. If relaying is secure, then how do you stop or deter users from signing up new accounts and then using them as spam accounts?
How do Yahoo or Hotmail do it? We tried to ban per IP or subnet; it doesn't seem to work too well. Too many different IPs.
#4
You can't really stop people from using an account for spam unless you were able to read their minds. What you can do is make it such that your service is not SPAM friendly. Of course this is going to cause some trade-offs as it relates to fluidity and ease of use, i.e.:
1) You can limit the number of email addresses one can email a given message to. If you capped the limit at ten, it would satisfy most of your other users while deterring spammers. In addition, you could force them to enter additional email addresses in separate text boxes rather than allowing them to submit email addresses in one text box separated by commas or spaces.
2) You can force all messages that users attempt to send with more than 15 people in the "To" field to a holding state for review by the mail server admin. After someone verifies that the email is legitimate, the admin can clear the message and allow it to pass through. You can automate the process such that after 3 - 10 approvals the user's messages are no longer monitored.
When you do verify that someone is using your service to send spam, you can send them a nasty warning message.
#5
It depends on how determined you are, and what sort of restrictions a reasonable user will put up with.
Hotmail do it by having a well publicised policy discouraging spam, a means for recipients of spam from Hotmail accounts to complain, and a willingness to follow up legitimate complaints. In association with such a policy, there are a number of tricks you could do.
You could scan the content of all outgoing email, and simply refuse to forward any messages that pass your criteria as "spam". The problem with that is that such schemes give both false positives and false negatives. The false positives (email detected as spam even if it isn't) can be addressed by allowing users to request a human administrator to release the message. Problem is that means a workload and cost for you and your staff. There are also potentially privacy issues of scanning email that need to be dealt with in your policy and in the behaviour of software tools.
One simple strategy would be to limit the number of recipients allowed for a message (e.g. 20 or less addressees), and to limit the total number of separate messages that can be sent per day. In combination, those restrictions will discourage most spammers, although they will be a pain for legitimate heavy users of your email service. That means some way needs to be available so genuine heavy users have a means of requesting the constraints be relaxed after suitable checks are made.
Other approaches might involve comparing the reply-to address field with the account that actually sends the email. A common attribute of spam is that the reply-to address is different from the originating address. Again, that has issues, as it will catch out users who have a genuine reason for wanting replies to go to another email address.
__________________
"It is only our bad temper that we put down to being tired or worried or hungry; we put our good temper down to ourselves." -- C.S. Lewis
I like long walks, especially when they're taken by people who annoy me. --Fred Allen
#6
Yes, you can also check the reply-to field as a trigger to move a message to the admin reviewer's stage. But at the end of the day, although it may be time consuming, your best option would be to review those flagged emails as opposed to using an automated process. As you start to grow you can also restrict your automated process to people who have had an account for less than one year AND email more than 10 people AND/OR the user's email address does not match the "REPLY TO:" field.
Perhaps as you continue to review emails you will be able to capture the AI needed to create a program which will parse emails that were moved to the reviewer's state.
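
Added example (not written by any poster in this thread, and not IMP/Horde code): a minimal outbound policy gate in Python that combines the rules proposed in posts #4 to #6, namely a hard recipient cap, a daily send cap, and a hold-for-review queue for young accounts. The `Account` record, `decide` function, sample messages and the daily cap of 50 are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date
from email import message_from_string
from email.utils import getaddresses, parseaddr

MAX_RECIPIENTS = 20     # hard cap per message (post #5)
MAX_PER_DAY = 50        # assumed value; the thread names no daily figure
REVIEW_RECIPIENTS = 10  # review trigger for young accounts (post #6)
TRUSTED_APPROVALS = 3   # approvals before review stops (post #4: 3 - 10)

@dataclass
class Account:          # hypothetical account record
    address: str
    created: date
    sent_today: int = 0
    approvals: int = 0

def decide(account, raw_message, today):
    """Return 'reject', 'hold' or 'send' for one outgoing message."""
    msg = message_from_string(raw_message)
    fields = [v for h in ("To", "Cc", "Bcc") for v in msg.get_all(h, [])]
    rcpts = {addr.lower() for _, addr in getaddresses(fields) if addr}
    if not rcpts or len(rcpts) > MAX_RECIPIENTS:
        return "reject"
    if account.sent_today >= MAX_PER_DAY:
        return "reject"
    if account.approvals >= TRUSTED_APPROVALS:
        return "send"   # user has earned trust through past reviews
    reply_to = parseaddr(msg.get("Reply-To", ""))[1].lower()
    mismatch = bool(reply_to) and reply_to != account.address.lower()
    young = (today - account.created).days < 365
    # Post #6's "AND ... AND/OR" is read here as: young AND (many OR mismatch).
    if young and (len(rcpts) > REVIEW_RECIPIENTS or mismatch):
        return "hold"   # queue for the admin reviewer
    return "send"

def sample_message(n, reply_to=None):
    """Constructed test input: a message addressed to n recipients."""
    to = ", ".join(f"user{i}@example.net" for i in range(n))
    headers = f"From: alice@example.org\nTo: {to}\n"
    if reply_to:
        headers += f"Reply-To: {reply_to}\n"
    return headers + "Subject: hello\n\nbody\n"
```

In a deployment, count the envelope recipients that the webmail hands to the mail server rather than the header fields, since headers need not list every recipient.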
#7
Thanks for the ideas.
Would any of these be easily implemented in the IMP mail system? I also want to add an image security word thing when signing up for a new account, but I'm unsure how to add that into the system.
#8
There are not too many things that you can't do once you get familiar with the underlying code. When you are ready to start automating your spam filtering process, there are utilities that you can use to help identify SPAM. Here is a link to one of those utilities:
http://www.snapfiles.com/get/emailparser.html
Regarding the image stuff, why don't you create letter and number images that you can render in random sequences? Instead of using the actual letters and numbers to identify them, use a hashing code to represent each character. Next, when you select a group of letter/number images at random, store the hashing code for the representation of that sequence of letters/numbers in a database. Then, when the user types in the actual letters/numbers, you hash them (using your hashing methodology) and compare them with the hashing code in the database before you create the account. BTW, why don't you shoot me an email with the URL of your site? I'd like to take a look.
#9
Regarding the image stuff, why don't you create letter and number images that you can render in random sequences? Instead of using the actual letters and numbers to identify them, use a hashing code to represent each character. Next, when you select a group of letter/number images at random, store the hashing code for the representation of that sequence of letters/numbers in a database. Then, when the user types in the actual letters/numbers, you hash them (using your hashing methodology) and compare them with the hashing code in the database before you create the account.
It's not 100% secure, but it is a big deterrent
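
Added example (not written by any poster in this thread): one way to implement the store-a-hash-then-compare check described in posts #8 and #9, in Python. It assumes a keyed hash (HMAC-SHA256) in place of a plain hash, an in-memory dict standing in for the database, and a separate image renderer that receives the challenge text; the function names, alphabet and five-minute lifetime are illustrative.

```python
import hashlib
import hmac
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)  # assumed: per-deployment secret, kept out of the DB
ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"  # skips look-alikes 0/O and 1/I
TTL_SECONDS = 300
_challenges = {}  # stands in for the database: id -> (digest, expiry)

def _digest(challenge_id, text):
    # Binding the id into the MAC stops one stored digest matching another row.
    msg = f"{challenge_id}:{text.upper()}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).digest()

def issue_challenge(length=6, now=None):
    """Return (challenge_id, text); only the renderer should ever see text."""
    now = time.time() if now is None else now
    cid = secrets.token_urlsafe(16)
    text = "".join(secrets.choice(ALPHABET) for _ in range(length))
    _challenges[cid] = (_digest(cid, text), now + TTL_SECONDS)
    return cid, text

def verify(challenge_id, typed, now=None):
    """Check the typed answer; a challenge is consumed by its first attempt."""
    now = time.time() if now is None else now
    record = _challenges.pop(challenge_id, None)  # single use, even on failure
    if record is None:
        return False
    digest, expiry = record
    if now > expiry:
        return False
    return hmac.compare_digest(digest, _digest(challenge_id, typed.strip()))
```

A short answer has so few possible values that an unkeyed hash of it can be reversed by trying them all, which is why the stored value here depends on a server-side key.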
#10
Thanks. I'll have to start to look at it.
The site is down, because our provider warned/cut us off and we've moved to a new place but want to fix the problem before putting it back online. It's only a maintenance page up now.
#11
Not a problem! If you need help, send me an email.
Cheers, GGG
#12
Quote:
That raises one other suggestion. Discuss your situation with your (new?) service provider. They may be able to advise on even more techniques you can use to discourage spammers, and may be able to provide backup in catching spam you miss. It will also mitigate problems like you're having now. If they know that you're legitimately trying to prevent spam, they're more likely to work with you (rather than simply close you down) if some spammer manages to cause a new problem for your site.