ISP wants to stop outgoing web based spam

• Previous message (by thread): ISP wants to stop outgoing web based spam
• Next message (by thread): fingerprinting and spam ID (was: Re: ISP wants to stop outgoing web based spam)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 11 Aug 2006 09:38:46 BST, Peter Corlett said:
> 
> On 10 Aug 2006, at 22:07, Barry Shein wrote:
> [...]
> > The vector for these has been almost purely Microsoft Windows.
> 
> I wonder. From the point of view of a MX host (as opposed to a  
> customer-facing smarthost), would TCP fingerprinting to identify the  
> OS and apply a weighting to the spam score be a viable technique?

That would depend entirely on how much business you do with companies
that are afflicted with Exchange servers for their mail service.  If you're
also dinging the host for non-adherence to RFCs, there's probably Exchange
boxes you'll never hear from again.  Whether this is good or bad depends on
your own personal religious convictions. ;)

Now, if it fingerprints as a Redmond product, and doesn't have the tell-tale
headers of having been through an Exchange server, that's gotta be worth
*several* points of weighing....

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20060811/cb953f77/attachment.sig>

• Previous message (by thread): ISP wants to stop outgoing web based spam
• Next message (by thread): fingerprinting and spam ID (was: Re: ISP wants to stop outgoing web based spam)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]