ISP wants to stop outgoing web based spam

• Previous message (by thread): fingerprinting and spam ID
• Next message (by thread): ISP wants to stop outgoing web based spam
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> On 10 Aug 2006, at 22:07, Barry Shein wrote:
> [...]
> >The vector for these has been almost purely Microsoft Windows.
> 
> I wonder. From the point of view of a MX host (as opposed to a  
> customer-facing smarthost), would TCP fingerprinting to identify the  
> OS and apply a weighting to the spam score be a viable technique?

We have been doing that in our traffic shaping SMTP transport for a
while now. We have found a 95% correlation between spam sources and
Windows hosts. If you drill down to specific versions of Windows, the
correlation is even higher.

For _blocking_ connections (as opposed to, say, just slowing them
down), you must combine host type with reputation information.

Regards,
Ken

-- 
MailChannels: Reliable Email Delivery (TM) | http://mailchannels.com

--
Suite 203, 910 Richards St.
Vancouver, BC, V6B 3C1, Canada
Direct: +1-604-729-1741

• Previous message (by thread): fingerprinting and spam ID
• Next message (by thread): ISP wants to stop outgoing web based spam
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]