The Growing Problem of Web Attacks and Spam

Key Takeaways

  • outbound spam is a serious issue and it is getting worse

  • a number of sources generate outbound spam including compromised accounts, zombies and malicious users

  • resolving this issue can help service providers to retain customers

Outbound Spam is a Serious Problem

Today spam is ~80% of all emails, but this does not show the increasing absolute volume of spam, which doubles roughly every 12-18 months. Outbound spam is the content sent from Web hosting companies, SaaS email providers, Internet access service providers, free email service providers, and on site email managed service providers. This creates problems on a number of levels.

The Source of the Problem

There are 3 primary sources of outbound spam:

  • Zombies

A zombie is an individual home- or business- based computer that has been infected with malware and controlled by a third party. Service providers report that 11.2% of their users' accounts are currently part of a botnet that is being used for sending out spam and 86% of service providers are fighting zombies on their networks.

  • Compromised accounts

These accounts have in some way been compromised by means other than malware. Service providers reported that 12.6% of their users have had their credentials stolen for the purpose of sending outbound spam.

  • Malicious use of email accounts

Spammers create accounts specifically for the purpose of sending unwanted content. One in eight user's accounts are sending out spam and/or malware.

Spammers make efforts to stay concealed by sending hundreds of emails a day or “testing” before sending large volumes. Among the service providers surveyed, 69% consider dealing with outbound spam to be a priority over the next 12 months.

Current Solutions Are Not Effective

  • Use of standard inbound spam technologies in reverse

This approach has shown, through practice, that it can result in high levels of false positives and would result in blocking large amounts of valid outbound email. This happens because these emails are identified as spam.

  • Blocking of Port 25 for outbound email

Blocking Port 25 results in the blockage of valid emails as well, along with the outbound spam, resulting in high levels of false positives.

  • Blocking entire ranges of IP addresses

Some service providers will block a range of IP addresses that may be used by the offending sender, and this results in email for legitimate senders being blocked.

  • Manual handling by the abuse team

Manual handling by the abuse team can be slow and ineffective in dealing with outbound spam, given the large amount of compromised accounts hosted by service providers.

The result of these practices are high levels of false positives and unsatisfied customers. Research has found that 70% of service providers are not completely satisfied with their current solutions in stopping outbound spam.

The Consequences of Outbound Spam

  • Significantly higher costs of providing service

Outbound spam can increase the costs by incurring an unnecessarily large number of calls to technical support to address false positives, switching customers to new IP addresses, and additional IT staff time to identify and resolve outbound spam issues. Some companies spend from $100,000 to over $250,000 a year on outbound spam-related expenses.

  • Corporate reputation can be damaged

  • Blacklisted IPs create problems

Abuse staff must spend time working with blacklist operators convincing them that they are not spammers, in addition to spending time resolving problems related to their placement on the blacklist. Service providers must also deal with dissatisfied customers who may switch to other providers.

  • Remediation efforts are poor, resulting in unhappy customers

Blockage of Port 25 or of a range of IP addresses will irritate many customers, hindering the acquisition of new customers and incurring the loss of current customers.

  • Increases the amount of network traffic

Outbound spam increases the amount of network traffic, which call for the provider to add more capacity and drive up their cost of doing business.

The Benefits of Dealing Effectively with Outbound Spam

The benefits of dealing effectively with outbound spam are the opposite of the consequences described above: costs with supporting customers is reduced, less effort is required to manage users, corporate reputation is maintained, customers are happier, and network traffic is minimized. Service providers believe that an important reason to apply outbound spam solutions are to provide better customer service and would provide a competitive differentiation for their company.

What Features are Important in a Solution?

Among the many features used to remedy outbound spam, there are 3 that are critical:

  • Low false positives

False positives should fall well below 1% and as close to 0% as possible.

  • Identifying senders of spam

In identifying individual senders, service providers can block the individual offenders and/or remediation efforts can be directed in a highly granular fashion instead of blocking entire IP addresses.

  • Adjusting filtering thresholds

A good outbound spam solution will also let service providers adjust filtering thresholds whenever it is needed in response to changing conditions, new zombie outbreaks, recently discovered intelligence on new malware threats, and other conditions.

Possible Solutions

  • Multiple layers of defence- perimeter defence, content filters and protocol filters

    • perimeter defence blocks spam from obvious senders, multiple connections at one time from a single IP address, enables reverse DNS so that emails arriving at your server are from legitimate domains

    • protocol filters can limit the amount of recipients for incoming mail so that spammers can only send to a small number at once

    • content filters scan incoming mail, can block specific extension types and encrypted files

  • The placement of gates between the firewall and the mail server can be used to process incoming mail and authenticate users. While passing through the gate, mail undergoes security checks and the content is scanned

  • Administrator setting can also be optimized to reduce spam-related problems

    • frequent engine updates can get you the most recent ant-virus software and ensure that your spam engines are up to date and automatically maintain with the newest updates

    • with delegation methods, you can differentiate different settings at both the domain and user setting to have system-wide setting to ensure that the proper configurations are in place

    • by doing these things, more time is freed up to enable administrators to work on more important matters. Users can rapidly do through their blocked messages, report discrepancies and commit senders to either a blocked or trusted list

Rebel Networks Outbound Spam Solutions and Services

Our managed email security service offers comprehensive protection against a wide range of email threats using a combination of proven spam filters, leading anti-virus engines, fraud protection, content filtering, and email attack protection:

  • McAfee Email Defence Service

  • McAfee Web Defence Service - Our easy-to-use Web security solution effectively blocks quickly-evolving Web threats, including spyware, viruses and phishing attacks, while enabling greater control over unauthorized Web surfing by employees

With Rebel Networks spam protection, users are better able to:

  • decrease IT costs and maximize services

  • decrease network and storage costs

  • increase employee productivity

  • reduce corporate liability

Unlike appliances and enterprise software solutions that require integration, migration and a significant amount of ongoing maintenance, the McAfee Email Defence Service is effortless and highly effective. Our solution requires no upfront capital or integration, is flexible and easy to administer, and offers rapid activation. The service includes:

  • Advanced Spam Blocking

  • Virus and Worm Scanning

  • Content and Attachment Filtering

  • Fraud Protection

  • Email Attack Protection

  • Outbound Message Filtering

  • Sophisticated Quarantine Management

  • Around-the-clock Monitoring and Protection

  • McAfee Fail Safe Disaster Recovery Service

For added security, the McAfee Email Defence Service supports SMTP over TLS, providing email delivery encryption which allows customers to easily send and receive email over a secure, end-to-end encrypted tunnel. And, our flexible, easy-to-use Group policies management feature enables customer administrators to create user groups, and subscribe each user group to a particular set of filtering policies.

In using the McAfee Web Defence Service, SMBs can create a more secure network environment and integrate greater control over employee Internet usage. Ours is a fully-managed Web security solution that delivers effective protection against quickly-evolving Web threats like spyware, viruses and phishing attacks and incorporates technology to prevent unauthorized Internet activity.
The McAfee Web Defence Service:

  • Blocks access to inappropriate websites

  • Blocks malicious Web threats

  • Provides visibility to Web usage through detailed reports

  • Enforces different Internet usage policies for different groups of users

  • Delivers continual updates which protect your users from the latest threats and inappropriate content

  • Protects users on the entire corporate network, including remote users

  • Provides powerful security, easy administration and use


Our basic conclusions are that outbound spam is a serious issue and is getting worse. Conventional solutions are not adequate to fully solve the problem. Therefore, new technologies and approaches are necessary to ensure that outbound spam is minimized. Many customers will use service providers that address outbound spam in a granular way.

About the Author

Domenic is Founder of Rebel Networks is a leading provider of outsourced Internet infrastructure and related managed web solutions. Rebel Networks was voted the 3rd fastest growing hosting company in the world in October 2007 by Hostingreview. Domenic is an expert in web and internet technology and has numerous positions in senior management. He is a market leader and knows how to build sales and marketing plans with little budget.

© 2010 Rebel Networks. All rights reserved.

No part of this document may be reproduced in any form, nor may it be distributed without the permission of Rebel Networks, nor may it by resold by any one but Rebel Networks. Rebel Networks does not provide legal advice and this document does not constitute legal advice, nor does any software product or other offering referenced herein serve as a substitute for the reader's compliance with any laws, referenced in this document. Rebel Networks makes no warranty or representation regarding the completeness or accuracy of the information contained in this document.




Was this article helpful?

mood_bad Dislike 0
mood Like 0
visibility Views: 2164