How ISPs are Curtailing Outbound Abuse

For an ISP, the consequences of outbound spam can be grave. Another email provider could block them, or their entire range of IPs could end up on a blacklist.

Intercepting outbound spam is, therefore, crucial for any ISP wishing to safeguard their reputation while reducing the total volume of spam circulating throughout the global email ecosystem. More importantly, curtailing outbound spam means protecting end-users from the threat of getting their passwords stolen and their accounts compromised.

The first phase of designing a comprehensive anti-abuse initiative involves people, processes and policies. The ISP’s Anti-Abuse Department will decide on their overall approach, such as the terms of their Acceptable Use Policy, general abuse-handling procedures, and management of legacy ports such as 25 (SMTP), 110 (POP), and 143 (IMAP).

Parallel to the above, the ISP deploys various anti-spam technologies such as outbound-port filters. The Three Ps (People, Policies & Procedures) plus technology: put together, this sounds like an almost perfect approach, but here’s the caveat: people are not omnipresent, and no one technology, such as an anti-spam filter, is enough to eradicate outbound spam. Attempting to use an inbound filter to stop outbound spam also presents a number of issues. Inbound spam filters are used to detect abuse from generally unknown sources. Abuse sent from your own network, hidden within masses of legitimate email, can be difficult to detect.

Spam comes in waves, and most anti-spam solutions used for detecting inbound abuse require a period of time until an attack is detected. During this time, a spammer could have already transmitted thousands of emails and caused significant damage to the ISP’s reputation. Moreover, outbound abuse is often the start of a journey that potentially entails other forms of abuse, such as web-login attacks, fake registrations, and phishing, tying it closely to general threat assessments.

With this in mind, it’s clear that the ability to monitor outgoing spam both before and after it has left the network is vital to an Abuse Department. If you can’t catch everything the first time around, the ability to react quickly once abuse is observed becomes vital.

So how do they do that? One way is to deploy a tool that allows the ISP to fully automate the data-collection cycle necessary to detect outbound abuse and take action on it.

The characteristics of an effective monitoring tool are as follows:

  • Provide an ISP with visibility outside of their region, showing what other ISPs around the globe are seeing from their network.
  • Enable an ISP to track abuse from their customer accounts as well as from hosted servers (often for businesses) that aren’t controlled directly by the ISP.
  • Identify waves of abuse and track abuse history over time.
  • Easily integrate within existing internal customer care systems.
  • Alert the Abuse Department, in real-time, when new incidents of abuse are discovered.
  • Provide the necessary details to allow the ISP to take action to either stop the abuse or remedy the situation when a customer’s credentials have been compromised.
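
As an illustration of the wave-detection and alerting items above, here is an added example (not part of the original article and not Return Path's code). It flags an authenticated account whose distinct-recipient count within a sliding window exceeds a threshold, and reports how many messages had already left before the alert fired. The record format, account names, window and threshold are all assumptions constructed for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


def build_sample():
    """Constructed outbound submission records: (timestamp, account, recipient)."""
    base = datetime(2024, 1, 1, 9, 0, 0)
    events = []
    # "alice": ordinary customer, 5 messages over an hour to 3 recipients.
    for i in range(5):
        events.append((base + timedelta(minutes=12 * i), "alice",
                       f"friend{i % 3}@example.org"))
    # "bob": compromised credentials, 40 messages to 40 recipients in 40 s.
    for i in range(40):
        events.append((base + timedelta(minutes=30, seconds=i), "bob",
                       f"target{i}@example.net"))
    return sorted(events)  # interleave by time, as a mail log would be


def detect_waves(events, window=timedelta(minutes=5), max_recipients=20):
    """Return {account: (first_alert_time, messages_sent_before_alert)}.

    An account alerts once, the first time it has mailed more than
    max_recipients distinct addresses inside the sliding window.
    """
    recent = defaultdict(deque)  # account -> (timestamp, recipient) in window
    sent = defaultdict(int)      # account -> total messages seen so far
    alerts = {}
    for ts, account, rcpt in events:
        sent[account] += 1
        queue = recent[account]
        queue.append((ts, rcpt))
        # Drop records that have aged out of the window.
        while queue and ts - queue[0][0] > window:
            queue.popleft()
        distinct = len({r for _, r in queue})
        if distinct > max_recipients and account not in alerts:
            alerts[account] = (ts, sent[account])
    return alerts


if __name__ == "__main__":
    for account, (when, count) in detect_waves(build_sample()).items():
        print(f"ALERT {account}: wave detected at {when.isoformat()} "
              f"after {count} messages had already been accepted")
```

The second value in each alert is the cost of detection latency: every message counted there left the network before anyone could react.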

Return Path has created the Outbound Abuse Manager service to fulfill all of the above criteria. Outbound Abuse Manager provides a fully automated data collection cycle with CRM-integrated capabilities, and is an integral part of our Fraud Protection Services suite. A number of renowned email providers already use it and take advantage of Return Path’s Trusted Cooperative Network, the largest messaging reputation network on earth. They benefit from data drawn from more than 80 network partners worldwide, providing them with the broadest visibility into outbound email abuse.

If you’re an ISP interested in augmenting your current anti-abuse efforts with intelligence you can use, take a look at our white paper The Challenges & Limitations to Solving Outbound Abuse and contact us for more information on our Mailbox Provider services.