[91750] in North American Network Operators' Group
Re: ISP wants to stop outgoing web based spam
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Fri Aug 11 10:05:44 2006
To: Peter Corlett <abuse@cabal.org.uk>
Cc: Barry Shein <bzs@world.std.com>, nanog@merit.edu
In-Reply-To: Your message of "Fri, 11 Aug 2006 09:38:46 BST."
<9E67A682-4919-4A58-96F7-D96882244158@cabal.org.uk>
From: Valdis.Kletnieks@vt.edu
Date: Fri, 11 Aug 2006 10:04:58 -0400
Errors-To: owner-nanog@merit.edu
On Fri, 11 Aug 2006 09:38:46 BST, Peter Corlett said:
>
> On 10 Aug 2006, at 22:07, Barry Shein wrote:
> [...]
> > The vector for these has been almost purely Microsoft Windows.
>
> I wonder. From the point of view of a MX host (as opposed to a
> customer-facing smarthost), would TCP fingerprinting to identify the
> OS and apply a weighting to the spam score be a viable technique?

That would depend entirely on how much business you do with companies
that are afflicted with Exchange servers for their mail service. If you're
also dinging the host for non-adherence to RFCs, there's probably Exchange
boxes you'll never hear from again. Whether this is good or bad depends on
your own personal religious convictions. ;)

Now, if it fingerprints as a Redmond product, and doesn't have the tell-tale
headers of having been through an Exchange server, that's gotta be worth
*several* points of weighing....
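
The weighting discussed in this message, sketched as an added example that is not part of the original thread: an MX-side scoring hook that takes the OS label from a passive TCP fingerprinter and checks the message for traces of an Exchange relay. The function names, the list of Exchange markers, the weights and the sample messages are all assumptions made for illustration.

```python
# Added illustration; marker lists and weights are assumptions, not from the thread.
from email import message_from_string

# Headers and stamps commonly left by Exchange or the Windows SMTP service
# (assumed list; extend it from mail you actually receive).
EXCHANGE_HEADERS = ("X-MS-Has-Attach", "X-MS-TNEF-Correlator")
EXCHANGE_SUBSTRINGS = ("Microsoft Exchange", "Microsoft SMTPSVC")

def has_exchange_traces(msg):
    """True if the parsed message shows signs of having passed through Exchange."""
    if any(name in msg for name in EXCHANGE_HEADERS):
        return True
    candidates = msg.get_all("Received", []) + msg.get_all("X-MimeOLE", [])
    return any(s in value for value in candidates for s in EXCHANGE_SUBSTRINGS)

def os_weight(os_genre, raw_message, windows_penalty=1.0, no_exchange_penalty=3.0):
    """Spam-score adjustment for a peer whose TCP fingerprint is os_genre.

    os_genre is the label reported by the fingerprinter (None if unknown).
    Windows peers get a small penalty; Windows peers whose mail carries no
    Exchange traces get the larger combined penalty.
    """
    if os_genre is None or not os_genre.lower().startswith("windows"):
        return 0.0
    if has_exchange_traces(message_from_string(raw_message)):
        return windows_penalty
    return windows_penalty + no_exchange_penalty

# Constructed sample messages (not real traffic).
EXCHANGE_SAMPLE = (
    "Received: from desk1.example.com ([192.0.2.10]) by exch.example.com\n"
    " with Microsoft SMTPSVC(6.0.3790.1830); Fri, 11 Aug 2006 10:00:00 -0400\n"
    "X-MimeOLE: Produced By Microsoft Exchange V6.5\n"
    "From: alice@example.com\nSubject: quarterly report\n\nSee attached.\n"
)
DIRECT_SAMPLE = (
    "From: bob@example.org\nSubject: hello\n\nNo relay headers at all.\n"
)

if __name__ == "__main__":
    print(os_weight("Windows 2003", EXCHANGE_SAMPLE))  # Windows, via Exchange
    print(os_weight("Windows XP", DIRECT_SAMPLE))      # Windows, no Exchange traces
    print(os_weight("Linux 2.6", DIRECT_SAMPLE))       # not Windows
```

Headers are sender-controlled, so the Exchange check can only reduce the penalty the fingerprint produced and should never be used to whitelist a message on its own.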