Spam is responsible for most of the reports service provider abuse teams face, and there has been a sharp upturn in the number of unsolicited emails containing malicious attachments.
Malicious attachments range from the classic .EXE file and office documents (.DOC, .DOCX, .XLS, .RTF) containing embedded malicious macros, to programs written in Java and JavaScript. Battling spam has become a time-intensive process at the network server level, and a problem for service providers when their clients end up on blacklists.
Follow these steps to help fight spam from inside your network:
Step 1: Implement Spam Software Protection
Many software packages are available to help fight spam, but using them to battle it from inside your network can be problematic. Server-based anti-spam software is a better option, as it can be installed at the gateway and avoids the administration hassles associated with products installed on individual computers. This type of software also has far more information at its disposal and can detect spam more effectively.
Step 2: Learn How To Detect And Deal With Compromised Hosts
A compromised host is relatively easy to detect. Look for a high volume of outbound traffic that does not come from one of your MTA IP addresses and passes through port 25 to thousands of email addresses and locations. If you have detected one compromised host, there will be more – most malware looks for other vulnerable hosts in your network. Once you have detected the abuse, immediately contact your client to alert them and advise them to clean their machine using multiple AVs and malware scrubbers; if one tool misses something, the others will pick it up.
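The check described above can be run over flow records. The following Python sketch is an added example, not code from the original article: it flags internal hosts that are not listed MTAs and that contact many distinct external servers on port 25 within one time window. The record format, the address ranges (documentation prefixes), and the threshold are assumptions chosen for illustration.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Assumed addressing and thresholds (documentation ranges); replace with your own.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("198.51.100.0/24", "2001:db8:1::/48")]
MTA_IPS = {ipaddress.ip_address(a) for a in ("198.51.100.10", "198.51.100.11")}
SMTP_PORT = 25
MAX_DISTINCT_DESTS = 5  # per window; set low so the constructed sample triggers

def is_internal(ip):
    return any(ip in net for net in INTERNAL_NETS)

def find_suspect_hosts(flow_csv, window_seconds=300):
    """Map each flagged source IP to its peak count of distinct port-25 destinations."""
    dests = defaultdict(set)  # (source, time window) -> external SMTP destinations
    for row in csv.DictReader(io.StringIO(flow_csv)):
        if int(row["dst_port"]) != SMTP_PORT:
            continue
        src = ipaddress.ip_address(row["src_ip"])
        dst = ipaddress.ip_address(row["dst_ip"])
        # Only outbound flows from our own space that bypass the sanctioned MTAs
        if not is_internal(src) or src in MTA_IPS or is_internal(dst):
            continue
        dests[(src, int(row["ts"]) // window_seconds)].add(dst)
    suspects = {}
    for (src, _window), seen in dests.items():
        if len(seen) > MAX_DISTINCT_DESTS:
            suspects[str(src)] = max(suspects.get(str(src), 0), len(seen))
    return suspects

def build_sample():
    """Constructed flow records (ts,src_ip,dst_ip,dst_port); not real traffic."""
    rows = ["ts,src_ip,dst_ip,dst_port"]
    # Customer host contacting eight distinct external mail servers directly
    rows += [f"{1000 + i},198.51.100.77,203.0.113.{i},25" for i in range(1, 9)]
    # Sanctioned MTA with the same pattern: expected, so never flagged
    rows += [f"{1000 + i},198.51.100.10,203.0.113.{i},25" for i in range(1, 9)]
    # Customer host with web traffic and one direct SMTP connection: below threshold
    rows += ["1005,198.51.100.80,203.0.113.5,443", "1006,198.51.100.80,203.0.113.6,25"]
    # IPv6 customer address sending to seven distinct external servers
    rows += [f"{1300 + i},2001:db8:1::42,2001:db8:2::{i},25" for i in range(1, 8)]
    return "\n".join(rows)

if __name__ == "__main__":
    for host, count in sorted(find_suspect_hosts(build_sample()).items()):
        print(f"{host}: {count} distinct port-25 destinations in one window")
```

In production the threshold would sit far higher than in this sample, and each flagged address would be mapped back to the customer it is assigned to before contact is made.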
Help prevent compromised hosts on your network by deploying honeypots in your server environment. They gather information about an attacker or intruder in your system so that you can handle the abuse faster. Honeypot systems can be set up inside, outside, or in the DMZ of a firewall design. Remember that honeypots should not replace your traditional security systems; they are an additional layer of protection.
Step 3: Use best practices on IPv6 networks
With IPv6, each customer and each website should have their own unique address. This makes it far easier to track the source of abuse and block the offending customer, without blocking everyone else on the same host.
Step 4: Educate your customers
Fighting spam from within your network starts with educating your customers. Instruct them to use complex passwords and two-factor authentication. Keep a password history for every client to maintain absolute control. Lastly, restrict new customers’ rights to your network and only grant them wider access as your trust grows. Restrictions can include server creation, new domain creation, bandwidth increases, and API access.
Step 5: Subscribe to Feedback Loops
Sign up for as many Feedback Loop reports and other sources of data as possible to avoid blacklistings. This will prevent any reputational damage and help your abuse team proactively deal with any compromised clients. Over time, if everything is working correctly, the number of blacklistings should decrease. This reduction is a good indicator of the quality of your spam handling.
Step 6: Fight spam and all other types of abuse with specialist products
Companies like Abusix have specialist products like AbuseHQ, which create abuse reports that reveal insights buried within your network. Abusix Data Services ensure the highest levels of anti-spam quality and accuracy and are used by Kaspersky to continuously tune their anti-spam algorithms. Blackhole.mx by Abusix is a free crowdsourcing-based service that helps professionals fight spam. By pointing your unused domains to the black hole system, you become part of the community to fight spam.
For more information on how Abusix can help you fight spam from inside your network, get in touch with a network abuse specialist.