ISPs Join Hands to Battle Botnet-Driven Spam

Messaging Anti-Abuse Working Group (MAAWG) maps out best practices for nailing spam without accidentally blocking legitimate email

Dark Reading Staff, Dark Reading

June 26, 2008

2 Min Read
Dark Reading logo in a gray background | Dark Reading

ISPs from around the world have joined forces to kill spam: The Messaging Anti-Abuse Working Group (MAAWG), made up of ISPs, vendors, and anti-spam groups, this month agreed on methods to more easily identify botnet-driven spam and distinguish between legitimate forwarded email accounts and those used by spammers.

MAAWG has published two papers -- one outlining best practices for sharing dynamic IP address space among providers and another for ways to handle email forwarding.

"There have been industry discussions about sharing dynamic IP addresses for years, and even some proposals, but this paper represents the first time a sizeable group of ISPs have come together to agree on how to do it. The recommendations are another necessary step toward helping mailbox providers eliminate spam originating from botnets before it hits users' inboxes," said J.D. Falk, a member of the MAAWG Board member and director of product management for Return Path.

The IP address-sharing recommendations are aimed at making dynamic IP addresses more easily accessible to email service providers so they can better detect and shut down spam, which often uses dynamic IP addresses. The idea is to help them distinguish between valid email traffic and botnet-driven spam.

Email forwarding is another common botnet technique for moving spam. MAAWG also issued recommendations for helping ISPs separate spammers from legitimate users who deploy email forwarding services, and for avoiding inadvertently blocking legit accounts.

“Any address will attract some spam, and incoming traffic from a forwarded account that has been in use for years can look like a deluge of spam, causing an ISP to block it,” said Jordan Rosenwald, co-editor of the forwarding paper and Comcast manager of anti-abuse technologies. "Spammers also are developing new ways to use forwarded email to their advantage, so the steps outlined in this paper will provide savings for both forwarders and receivers, but more importantly, can help protect consumers from being unnecessarily and unintentionally blocked."

— Kelly Jackson Higgins, Senior Editor, Dark Reading

Read more about:

2008

About the Author

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights