We are carrying out setup tests on duplicating the outgoing email flow.
The idea is to duplicate all the traffic created by customers, going out
through port 25 (SMTP), onto an anti-spam network, and then to analyse the sample of
emails leaving our network in real time by IP, in order to check
whether the IP sends spam or not.
If we detect an IP that does send spam, the aim is to be able to block the
flow of (only) port 25, in less than 5 seconds after spam is first detected.
All this without affecting the service performance for the customers
that do not spam.
In actual fact, we have far too many spam issues and it isn't enough to shut down the
servers a few hours after having detected the spam. It's too late.
It must be done in real time and must be able to block the flow in a matter of
seconds. So we are thinking about how to successfully cleanse our network of spammers
(who can order servers like everyone else, in just a few minutes).
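
One way to turn per-message verdicts from the mirrored port 25 traffic into per-IP block decisions, as an added example that is not the implementation described on this page. It assumes an upstream classifier already supplies `is_spam` for each sampled message; the thresholds `MIN_SPAM` and `MIN_RATIO`, the rule dictionary format and the sample events (documentation IP ranges) are constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW = 5.0      # seconds; mirrors the 5-second target stated above
MIN_SPAM = 3      # assumed: spam verdicts required inside the window
MIN_RATIO = 0.8   # assumed: minimum share of spam among the IP's sampled mail


def block_rule(ip):
    """Hypothetical rule format: drops only outgoing SMTP for one source IP."""
    return {"src": ip, "proto": "tcp", "dport": 25, "action": "drop"}


def detect(events):
    """events: (ts, src_ip, is_spam) tuples sorted by ts.
    Returns {ip: (block_ts, seconds_since_first_spam)}."""
    recent = defaultdict(deque)   # ip -> verdicts still inside the window
    first_spam = {}               # ip -> ts of the first spam in the current run
    blocked = {}
    for ts, ip, is_spam in events:
        if ip in blocked:
            continue              # port 25 already cut off for this IP
        win = recent[ip]
        win.append((ts, is_spam))
        while ts - win[0][0] > WINDOW:
            win.popleft()         # the newest entry always stays, so win is never empty
        spam = sum(1 for _, s in win if s)
        if spam == 0:
            first_spam.pop(ip, None)   # run ended; a later spam restarts the clock
            continue
        if is_spam:
            first_spam.setdefault(ip, ts)
        if spam >= MIN_SPAM and spam / len(win) >= MIN_RATIO:
            blocked[ip] = (ts, ts - first_spam[ip])
    return blocked


# Constructed sample: one spamming IP, one clean customer, one isolated false positive.
SAMPLE = [
    (0.0, "198.51.100.7", False), (0.4, "192.0.2.10", True),
    (0.9, "192.0.2.10", True),    (1.1, "203.0.113.5", True),
    (1.3, "198.51.100.7", False), (1.6, "192.0.2.10", True),
    (2.0, "203.0.113.5", False),  (2.5, "192.0.2.10", True),
    (3.0, "203.0.113.5", False),
]

if __name__ == "__main__":
    for ip, (ts, latency) in detect(SAMPLE).items():
        print(block_rule(ip), f"blocked at t={ts}s, {latency:.1f}s after first spam")
```

Requiring both a count and a ratio keeps a single misclassified message from a non-spamming customer from triggering a block, while the recorded latency can be compared against the 5-second target.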

Date: 2013-06-19 11:37:18 UTC
We are thinking of launching the R&D in a few days,
the time it will take to build a server powerful
enough to perform all analysis operations locally,
then extracting only the stats on the amount of spam by IP.

Date: 2013-06-17 14:26:39 UTC
The duplication of outgoing SMTP flow has been set up.