SMTP Lockdown: Protect Your Reputation

Click here to read “SMTP Lockdown: Inbound Protection (Part I)”

In SMTP Lockdown: Inbound Protection, we discussed controlling who can send email into a mail server. To reduce spam and avoid being blacklisted or labeled as a spammer, it is equally important to restrict who can send email OUT from a domain. Why? Because if SMTP traffic can flow freely outwards from anywhere on the internal network, a spammer doesn’t necessarily need access to your mail server. And if the domain’s IPs are seen generating an abundant amount of spam SMTP traffic, those IPs and their respective domain name may become blacklisted (i.e. other email servers will not accept your email anymore).

Spambots and You

Now that inbound SMTP is locked down and nobody can relay off of the mail server, can spammers still take advantage of your domain? Well, do the employees use the Internet? In most cases, the answer is “Yes”. Unless HTTP traffic is very thoroughly monitored AND all client antivirus definitions are in tip-top shape (a whole different article entirely…), those users and their workstations are vulnerable to becoming spammers.

Users Becoming Spammers

A user may browse to their favorite social networking site, get a pop up, and click a link they shouldn’t have. Suddenly, a small program known as a Spambot installs. The Spambot may attempt to harvest email addresses from its infected host. It may also seek to infect other machines and create a Spam BotNet. A Spam BotNet on a network will search for open Port 25 connections and try to send outbound Spam messages by relaying off machines running SMTP.

If you have properly locked down the mail server so that no IPs (or only strictly controlled ones) can relay off of it, and have taken the extra step of only allowing outbound Port 25 traffic from the mail server at the firewall, this BotNet will not be able to relay off the mail server or send mail out directly. Only the mail server will be able to send email out, and your domain’s IP addresses will remain in good standing. That being said, there would certainly still be some internal cleanup to do if a BotNet is installed. However, at least it wouldn’t be your Internet domain reputation that suffers.
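Once the firewall only allows outbound Port 25 from the mail server, its deny log shows which workstations need that cleanup. The following is an added example, not part of the original article: it scans firewall log lines for internal hosts other than the mail server attempting outbound TCP/25. The addresses, the internal range, the netfilter-style log format and the three-destination heuristic are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Assumptions for this example: internal range and the one allowed SMTP sender.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/24")
MAIL_SERVER = ipaddress.ip_address("10.0.0.10")
# Constructed sample lines in the style of Linux netfilter LOG output.
SAMPLE_LOG = """\
Feb 19 10:00:01 fw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.10 DST=198.51.100.7 PROTO=TCP SPT=40112 DPT=25
Feb 19 10:00:02 fw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.23 DST=198.51.100.7 PROTO=TCP SPT=51514 DPT=25
Feb 19 10:00:02 fw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.23 DST=203.0.113.44 PROTO=TCP SPT=51515 DPT=25
Feb 19 10:00:03 fw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.23 DST=192.0.2.91 PROTO=TCP SPT=51516 DPT=25
Feb 19 10:00:04 fw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.57 DST=203.0.113.44 PROTO=TCP SPT=49001 DPT=25
Feb 19 10:00:05 fw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.23 DST=198.51.100.7 PROTO=TCP SPT=51517 DPT=443
Feb 19 10:00:06 fw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.23 DST=198.51.100.7 PROTO=TCP SPT=51518 DPT=25
Feb 19 10:00:07 fw kernel: IN=eth1 OUT=eth1 SRC=10.0.0.23 DST=10.0.0.10 PROTO=TCP SPT=51519 DPT=25
"""
FIELD = re.compile(r"\b([A-Z]+)=(\S+)")

def outbound_smtp_offenders(log_text):
    """Return {source_ip: {"attempts": n, "destinations": [...]}} for internal
    hosts other than the mail server that tried to open outbound TCP/25."""
    seen = defaultdict(lambda: {"attempts": 0, "destinations": set()})
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        if f.get("PROTO") != "TCP" or f.get("DPT") != "25":
            continue
        try:
            src = ipaddress.ip_address(f["SRC"])
            dst = ipaddress.ip_address(f["DST"])
        except (KeyError, ValueError):
            continue  # malformed line: skip it rather than crash
        # Ignore the mail server itself and mail handed to internal hosts.
        if src not in INTERNAL_NET or dst in INTERNAL_NET or src == MAIL_SERVER:
            continue
        seen[str(src)]["attempts"] += 1
        seen[str(src)]["destinations"].add(str(dst))
    return {ip: {"attempts": v["attempts"], "destinations": sorted(v["destinations"])}
            for ip, v in seen.items()}

def likely_spambots(offenders, min_destinations=3):
    """Heuristic (assumption): many distinct remote mail servers suggests bulk
    sending; a single destination is more often a misconfigured device."""
    return sorted(ip for ip, v in offenders.items()
                  if len(v["destinations"]) >= min_destinations)

if __name__ == "__main__":
    print("investigate first:", likely_spambots(outbound_smtp_offenders(SAMPLE_LOG)))
```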



Comments

  1. Frank February 19th

    For anyone who wants to know if their ISP is blocking outbound port 25 check the online test at http://port25.icannotconnect.com


  2. red led grow lights April 17th

    After looking at a number of the articles on your blog, I honestly like your way of writing a blog. I bookmarked it to my bookmark website list and will be checking back soon. Take a look at my web site too and tell me what you think.


About Author

Graham O

NOC Engineer - At Thrive since November 2006