Don't Risk the Blacklist - Stop Outbound Spam Research shows 69% of service providers consider outbound spam to be their #1 problem. Customer loss, increased operational costs, brand damage, and even lawsuits are some of the possible consequences of spam emanating from your network. This webinar covers the problems caused by outbound spam, traditional approaches and why they don’t work, and recommend proven solutions to address outbound spam.

1. Outbound Spam:
Don’t Risk the Blacklist!
December 4, 2013

2. Agenda
 Introduction
 The Business Challenge of Outbound Spam
 The Limitations of Traditional Approaches
 The Commtouch Approach
 Summary
 Q&A

3. Poll Question #1

4. Outbound Spam is a Headache
 66% of providers rate outbound spam an
important or extremely important issue
 87% believe email providers must actively
eliminate zombies
 ~40% have had IPs blocked or blacklisted in
last 12 months
 49% report outbound spam is damaging their
corporate reputation
 56% of customers with email blocked due to
provider spam problems would switch to one
that does not block innocent users
Source: Osterman Research / Commtouch Outbound Spam Study

5. Poll Question #2

6. Outbound Spamming Methods
 Primary: acquire compromised user accounts
 A valid account, compromised by either an email or web attack
 Bot/Zombie is leveraged by external spammer to propagate spam
 Secondary: create user accounts just for spamming

7. Example: Top 10 Spam-Sending Domains
These domains could be blacklisted because they are being spoofed!
Source: Commtouch Distributed Spam Analysis, December 2013

8. Business Impact
 Blocked IP Ranges
• Appearing in IP reputation DBs
 Lost Revenue and Profit
• Removing addresses from blacklists
• Increased support for unhappy customers
• Customer churn
• Reputational damage
 Recurring Attacks
• Spamming continues at lower volumes

9. Poll Question #3

10. Limitations of Traditional Approaches
 Block port 25
 Disrupts legitimate usage
 Reverse Inbound Spam Filter
 Slow response to new outbreaks
 Ineffective locally and regionally
 Increased risk of false positives
 Throttling/Rate Limiting
 Spammers learn to send below the limit
These approaches are ineffective because they only
treat symptoms, not the underlying problem

11. About Commtouch
 NASDAQ: CTCH
 Established in 1991
 180 Employees
 Provider of Internet security technology
 14+ years SaaS operations
• Protecting ~550 million users
• 12+ Billion transactions per day
• 12 global datacenters
Headquartered in
McLean, VA
Other US Offices in
California and
Florida
International:
Germany, Iceland,
and Israel

12. Select Customers of Our Outbound Solution

13. The Unique Commtouch Approach
 Block based on global patterns
 Block using local patterns
 Manage approved users
 Identify and Report senders
Providing effective blocking and the information needed
to resolve the root cause of outbound spam

14. A Global Viewpoint

15. Leveraging the GlobalView Cloud
Infrastructure

10 Carrier grade data centers: US, Europe, Asia

Operational for over 14 years

Multiple collection nodes distributed worldwide
Collection & Analysis

Collecting/Analyzing 12 Billion Internet
transactions daily

RPD™ technology, multiple analysis engines
and 3rd party sources
Service platform

A unified platform for security applications

Protecting ~550 million users worldwide
Cloud

16. In an Embedded Deployment Model
 Service Integration via SDK
• Integrates directly into your infrastructure
• Simple to configure and deploy
• Stops Outbound Spam
• Identifies Compromised Legitimate Accounts
• Highlights Malicious Spam Accounts
 Simple, Easy Deployment
• Unzip Commtouch Daemon On MTA or Other Server
• Open .conf file and insert the license key and connection string
• Start running traffic

17. How Does it Work?
1
2
Local RPD
Analyze local traffic
Detect patterns
Store signatures
3
Service
Provider
Outbound
Spam
Engine
Global RPD
Analyze billions of global emails/day
Detect recurrent patterns
Store signatures of spam emails
Compare email signatures to
find global and local spam
Internet
 Uses the common characteristic of all spam - mass distribution
 Global RPD identifies outbreaks instantly by distribution patterns
 Local RPD detects based on local patterns with configurable thresholds

18. Identifying New and Well-Known Spam

19. Identifying Outbound Spam Accounts

20. Detailing Malicious vs. Compromised Accounts

21. Summary
 Outbound Spam causes significant issues and cost
 Traditional approaches yield poor results
 Commtouch OAS uniquely deals with outbound spam by:
• Blocking spam at source - even when unique to a network
• Pinpointing the accounts - whether compromised or pre-built
• Documenting the root cause
 OAS provides a comprehensive solution to:
• Avoid costly blacklisting
• Reduce customer churn
• Increase profitability

22. Testimonials
“Our customers now enjoy the very highest level of protection from
the nuisance of spam emails, without risk of having their critical
communications erroneously blocked” CTO – Web.com
“Spammers were using phished accounts to send spam from our
network. We needed a solution to recover compromised accounts,
block spammers and prevent our IP addresses from being blacklisted”
EVP, Hostway
“We have gone from being blacklisted every week, to not being
blacklisted at all for the last 18 months” SVP, Hoster

23. Thank You
http://www.commtouch.com/sp-outbound-spam-protection/