Outgoing SPAM Needs to be Controlled


  • Outgoing SPAM Needs to be Controlled

    Hi,

    Problem Statement: Mail Server IPs get blacklisted frequently.

    Reason: Users respond to phishing emails, resulting in compromised accounts. Compromised accounts are used to trigger SPAM mails, resulting in our mail server IPs getting blacklisted.

    Challenges:
    1. Nature of business does not allow to control the user machines to be protected.
    2. User Education does not help as user base is huge and it is not possible to educate all of them.
    3. Although an anti-spam solution is in place, it does not control the outgoing SPAM effectively, as the source is internal, reliable and also authenticated.

    Solution: That is what is being looked for
    Kapil Sharma
    ~~~~~~~~~~~~~
    Life is too short, Enjoy It.

  • #2
    Re: Outgoing SPAM Needs to be Controlled

    Install a solution that checks outgoing spam.

    We use 2 systems to check ours.

    BTW if your system is sending spam out from internal then I'd be disconnecting them from the internet and disinfecting them as you will no doubt have a virus or malware installation on a machine somewhere.



    • #3
      Re: Outgoing SPAM Needs to be Controlled

      Thanks for the response.

      1. There are 70k users and we work on a bring your own device policy. None of the users' machines is controlled centrally, hence there are chances that a user's machine might be infected. So controlling the malware or other suspicious programs at user level is out of the question. We are only left with the option to control SPAM at Exchange level. (I know it is stupid but no choice against business decision.)

      2. We already use Trend but it does not seem to be very effective. Is there any recommended product?
      Kapil Sharma
      ~~~~~~~~~~~~~
      Life is too short, Enjoy It.
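The situation in this post and the opening one (phished, authenticated mailboxes sending bulk mail through the mail server) can be caught at the server by watching recipients per sender over a sliding window. This is an added example, not part of the thread or any product mentioned in it; the record layout, the 10-minute window and the 100-recipient threshold are assumptions to tune against normal traffic.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: (timestamp, authenticated sender, recipient count),
# shaped like per-message SEND events exported from a mail server's tracking log.
SAMPLE = [
    ("2024-01-10T09:00:00", "alice@example.org", 3),
    ("2024-01-10T09:00:00", "carol@example.org", 60),
    ("2024-01-10T09:00:30", "bob@example.org", 40),
    ("2024-01-10T09:01:10", "bob@example.org", 40),
    ("2024-01-10T09:02:00", "bob@example.org", 40),
    ("2024-01-10T09:03:00", "bob@example.org", 40),
    ("2024-01-10T09:20:00", "alice@example.org", 2),
    ("2024-01-10T09:30:00", "carol@example.org", 60),
]

def flag_bulk_senders(records, window=timedelta(minutes=10), max_recipients=100):
    """Return {sender: (time_of_first_breach, recipients_in_window)} for every
    sender whose recipient total inside one sliding window exceeds the limit."""
    recent = defaultdict(deque)   # sender -> (time, recipients) still inside the window
    totals = defaultdict(int)     # sender -> running recipient total for that window
    flagged = {}
    for ts, sender, rcpts in sorted(records):
        t = datetime.fromisoformat(ts)
        sender = sender.lower()
        q = recent[sender]
        q.append((t, rcpts))
        totals[sender] += rcpts
        # Evict messages that have aged out before testing the threshold.
        while t - q[0][0] > window:
            totals[sender] -= q.popleft()[1]
        if totals[sender] > max_recipients and sender not in flagged:
            flagged[sender] = (ts, totals[sender])
    return flagged

if __name__ == "__main__":
    for sender, (when, count) in flag_bulk_senders(SAMPLE).items():
        print(f"{sender}: {count} recipients within 10 min as of {when}")
```

In the constructed data, carol sends 120 recipients in total but 30 minutes apart, so only the burst from bob crosses the threshold; a flagged account is a candidate for a forced password reset and a temporary send restriction.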



      • #4
        Re: Outgoing SPAM Needs to be Controlled

        Get a dedicated device installed.

        We use a Barracuda Spam Firewall to control our incoming email and a MailMarshal server to control our outgoing email.

        Not to be a pain but seriously you need to speak to management and get systems in place that control who accesses your network with own devices. You really should have some sort of policy that will not allow a user to access the network without some up to date AV protection installed.

        Else start looking at systems like VMware View where users check out a system and use that for the work day rather than using their own laptops.

        What you have at the moment is unbelievably crazy in my opinion and needs to be rectified ASAP.



        • #5
          Re: Outgoing SPAM Needs to be Controlled

          Also how do your users connect to Exchange?

          Are you absolutely sure that the spam is coming from the Exchange server and not direct from a user's PC?

          Have you restricted your firewall to send email only from the relevant email server?

          Can you please outline exactly what you have done to verify that your exchange server is indeed spamming.



          • #6
            Re: Outgoing SPAM Needs to be Controlled

            Block all outgoing SMTP, or force it through a transparent proxy.
            That way, at least you can identify the hosts sending spam, and block them from your network as a whole until they fix it.

            Sure, you might be running BYOD, but it's pretty simple.. "we allow you to use your own computer but it's your responsibility to keep it clean and not impact our network. we reserve the right to block your device when it impacts our network, until such time as you clean it. It is your responsibility to clean it. If you ask us to clean it, we may charge-back the cost of cleaning to you."
            Please do show your appreciation to those who assist you by leaving Rep Point
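Posts #5 and #6 both turn on whether spam leaves through the mail server or straight from user devices on TCP/25. The added example below (not from the thread) answers that from firewall logs; the key=value log format, the 10.0.0.0/8 internal range and the relay address 10.0.0.25 are all assumptions.

```python
import ipaddress
import re
from collections import defaultdict

INTERNAL = ipaddress.ip_network("10.0.0.0/8")   # assumed internal address range
RELAYS = {ipaddress.ip_address("10.0.0.25")}    # assumed authorised mail server

# Constructed firewall log lines in a made-up key=value format.
SAMPLE_LOG = """\
2024-01-10T09:00:01 action=allow src=10.0.0.25 dst=198.51.100.10 dport=25
2024-01-10T09:00:02 action=allow src=10.0.5.23 dst=198.51.100.10 dport=25
2024-01-10T09:00:03 action=allow src=10.0.5.23 dst=203.0.113.7 dport=25
2024-01-10T09:00:04 action=allow src=10.0.5.23 dst=203.0.113.9 dport=25
2024-01-10T09:00:05 action=allow src=10.0.7.40 dst=10.0.0.25 dport=25
2024-01-10T09:00:06 action=allow src=10.0.7.40 dst=203.0.113.7 dport=443
2024-01-10T09:00:07 action=deny src=10.0.9.11 dst=203.0.113.7 dport=25
not a log line
"""

FIELD = re.compile(r"(\w+)=(\S+)")

def direct_smtp_sources(log_text, relays=RELAYS, internal=INTERNAL):
    """Internal hosts, other than the authorised relays, that tried TCP/25 to
    external addresses: [(src, attempts, distinct_dsts, any_allowed)], busiest first."""
    stats = defaultdict(lambda: {"n": 0, "dsts": set(), "allowed": False})
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        if f.get("dport") != "25" or "src" not in f or "dst" not in f:
            continue
        try:
            src = ipaddress.ip_address(f["src"])
            dst = ipaddress.ip_address(f["dst"])
        except ValueError:
            continue                              # malformed address, skip the line
        # Skip the relay itself, foreign sources, and client-to-internal-server traffic.
        if src in relays or src not in internal or dst in internal:
            continue
        s = stats[str(src)]
        s["n"] += 1
        s["dsts"].add(dst)
        s["allowed"] |= f.get("action") == "allow"
    rows = [(src, s["n"], len(s["dsts"]), s["allowed"]) for src, s in stats.items()]
    return sorted(rows, key=lambda r: (-r[1], r[0]))

if __name__ == "__main__":
    for row in direct_smtp_sources(SAMPLE_LOG):
        print(row)
```

A row with `any_allowed` set to True means the firewall still lets that device send mail directly, so the egress rule is missing; rows with only denied attempts identify devices to quarantine until they are cleaned.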



            • #7
              Re: Outgoing SPAM Needs to be Controlled

              Originally posted by kapilsharma11
              Thanks for the response.

              1. There are 70k users and we work on a bring your own device policy. None of the users' machines is controlled centrally, hence there are chances that a user's machine might be infected. So controlling the malware or other suspicious programs at user level is out of the question. We are only left with the option to control SPAM at Exchange level. (I know it is stupid but no choice against business decision.)

              2. We already use Trend but it does not seem to be very effective. Is there any recommended product?

              I have a hard time believing that a company of 70k users has adopted a BYOD policy and has no strategic controls for ensuring network security. If this is the case then you are only combating a symptom of your problem rather than dealing with the underlying root cause. If you do believe your mail servers are relaying SPAM then your network by default is compromised and you'll have a very tough time getting yourself de-listed as the problem is likely to reoccur. Adding an anti-spam solution is going to do little in the way of dealing with the potentially compromised nodes, accounts, servers etc. You'll be hard pressed to find any product that's going to provide the effectiveness you're expecting with a user base/network of that size. What you need is a 'solution' to the problem, that covers the entire scope of your business related issue which would require management buy-in and approval.



              • #8
                Re: Outgoing SPAM Needs to be Controlled

                I heartily concur with scurlaruntings here. Find the source of the spam and deal with it there, and get proper acceptable use policies in place for BYOD, or ditch BYOD if your users can't behave or won't comply.

                To be blunt, anyone allowing 70K users to BYOD without putting policies and procedures in place first is an idiot who doesn't know what they are doing. As a minimum I would want to enforce central AV/Anti-Malware and also NAP to prevent exactly this sort of scenario.
                BSc, MCSA: Server 2008, MCSE, MCSA: Messaging, MCTS
                Cruachan's Blog
