  1. Survey
    1. Introduce myself
    2. How many people do Unix/NT admin work part of their time?
    3. How many people do Unix/NT admin work > 50% of the time?

  2. Favorite quote, by "Max Smetannikov"
    1. Realize crowd is friendly
    2. (read it)
    3. Utilize quote whenever sales/senior management says we need to change our spam policy or AUP

  3. Things I’ll be talking about today
    1. With respect to a solution to spam, many people seem to throw their hands into the air
    2. ZipLink cannot afford to go easy on spam
    3. Ask anyone here from Savvis or UUNET how many times they have threatened to shut egress down

  4. A little bit about what we do
    1. competitors: Splitrock, Navipath, AGIS, MegaPOP/Starnet
    2. customers: WebTV, Firstup (AltaVista), Spinway (Kmart), etc.
    3. spam is a common wholesaler problem

  5. Objectives
    1. No solution is perfect; 80% achievable
    2. Reason we use layer 4 switches – to minimize impact on everyone
    3. All those "ables"; let ISP customer control their own destiny IF they don’t screw it up!

  6. Not many existing solutions
    1. They all work
    2. RAS filters not manageable with 500 ISPs
    3. RAS filters decrease blade performance

  7. No solution addresses outbound spam
    1. No perfect solution
    2. Idea of "message metering" only documented in Paul Vixie’s page; no solution
    3. What is spam but lots of messages sent during a short time period?

  8. Big picture - explain

  9. Getting RADIUS data into SQL database
    1. Reason for this is to enable per user and per realm quotas
    2. Could be implemented without RADIUS, for example enterprise utilizing DHCP
    3. Low overhead!

  10. Path of mail message
    1. End user sends message
    2. Layer 4 switch redirects to quota checking mail relays
    3. Mail quota relays ensure user hasn’t exceeded quotas and forward to customer mail relay
    4. Customer mail relay sends it to final destination

  11. What is happening in these quota checking mail relays?
    1. all changes localized to SMTPD; no changes to sendmail!
    2. (explain)
    3. Picked SMTPD because it runs as a daemon and less restrictive license

  12. Configurability
    1. Reason we put RADIUS data into database
    2. 2 metering checks are made; for example, could check per hour and per 24 hours
    3. Thought about using a 500 series error, but thought that a 400 series message would be more damaging to the spammer
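
The metering check outlined in sections 9 to 12, written out as an added example (not ZipLink's SMTPD changes): the source address is mapped to a user and realm through RADIUS session data in SQL, two windows are checked, and an over-quota sender gets a 400 series reply. Assumptions: the table and column names, the exact 450/451 reply codes and text, the `fail_open` switch, and the constructed sample data.

```python
import sqlite3

SCHEMA = """
CREATE TABLE sessions (ip TEXT, username TEXT, realm TEXT, stop REAL);  -- fed from RADIUS accounting
CREATE TABLE quotas (realm TEXT PRIMARY KEY, per_hour INT, per_day INT);
CREATE TABLE mail_log (username TEXT, realm TEXT, ts REAL);
"""
WINDOWS = (("per_hour", 3600), ("per_day", 86400))  # the two metering checks

def check_message(db, src_ip, now, fail_open=True):
    """Return the (code, text) SMTP reply for one message from src_ip at time `now`."""
    try:
        row = db.execute(
            "SELECT s.username, s.realm, q.per_hour, q.per_day FROM sessions s "
            "JOIN quotas q ON q.realm = s.realm WHERE s.ip = ? AND s.stop IS NULL",
            (src_ip,)).fetchone()
        if row is None:  # no open RADIUS session, or no quota row for the realm
            return (450, "4.7.1 sender not identified, try again later")
        user, realm, *limits = row
        for (name, seconds), limit in zip(WINDOWS, limits):
            sent = db.execute(
                "SELECT COUNT(*) FROM mail_log WHERE username = ? AND realm = ? AND ts > ?",
                (user, realm, now - seconds)).fetchone()[0]
            if sent >= limit:  # temporary failure: the sender's queue keeps retrying
                return (450, f"4.7.1 {name} quota of {limit} reached for {user}@{realm}")
        db.execute("INSERT INTO mail_log VALUES (?, ?, ?)", (user, realm, now))
        return (250, "ok, forward to customer mail relay")
    except sqlite3.Error:
        # Failure mode when the database is unreachable. Which way to fail is an
        # assumption left to the operator; the outline does not say.
        if fail_open:
            return (250, "ok, quota check skipped")
        return (451, "4.3.0 quota database unavailable")

def demo():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    # Constructed sample data: one dial-up session and a small quota for its realm.
    db.execute("INSERT INTO sessions VALUES ('192.0.2.10', 'alice', 'isp.example', NULL)")
    db.execute("INSERT INTO quotas VALUES ('isp.example', 3, 5)")
    # Four messages within one hour, then three more two hours later.
    times = [0, 60, 120, 180, 7200, 7260, 7320]
    return [check_message(db, "192.0.2.10", t)[0] for t in times]

if __name__ == "__main__":
    print(demo())
```

The fourth message trips the hourly limit and the seventh trips the 24-hour limit; rejected messages are not counted against the quota.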

  13. Miscellaneous notes
    1. Some people have a legitimate need to send large amounts of mail
    2. ISP can abuse this, but we’ll take it away
    3. Failure mode is important

  14. Nothing is perfect
    1. AUP still required
    2. End user can spam if ISP customer allows it (we’ll take away ISP’s ability to control)
    3. No way to allow an individual end customer to use their own mail relay (i.e. business user); not sure if this will be a problem or not
    4. Layer 4 switch is the toughest part of the problem to solve!
    5. Electronic Frontier Foundation or Center for Democracy and Technology probably won’t like this

  15. In conclusion
    1. My page has a few anti spam related resources; I’d love to hear your feedback on our solution!
    2. Web sites I’ve mentioned
    3. Post slides on my web page
    4. Questions/comments?