ISP wants to stop outgoing web based spam
Ken Simpson
ksimpson at mailchannels.com
Fri Aug 11 16:02:26 UTC 2006
> On 10 Aug 2006, at 22:07, Barry Shein wrote:
> [...]
> >The vector for these has been almost purely Microsoft Windows.
>
> I wonder. From the point of view of a MX host (as opposed to a
> customer-facing smarthost), would TCP fingerprinting to identify the
> OS and apply a weighting to the spam score be a viable technique?

We have been doing that in our traffic shaping SMTP transport for a
while now. We have found a 95% correlation between spam sources and
Windows hosts. If you drill down to specific versions of Windows, the
correlation is even higher.

For _blocking_ connections (as opposed to, say, just slowing them
down), you must combine host type with reputation information.

Regards,
Ken
--
MailChannels: Reliable Email Delivery (TM) | http://mailchannels.com
--
Suite 203, 910 Richards St.
Vancouver, BC, V6B 3C1, Canada
Direct: +1-604-729-1741
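
The policy described in this message, sketched as an added example that is not part of the original post and is not MailChannels' code: an OS fingerprint alone only slows a session, and a block needs the fingerprint and reputation together. The record format, weights, thresholds and delay formula are assumptions, and the OS label is assumed to come from a passive TCP fingerprinter.

```python
from dataclasses import dataclass

# Assumed weights and thresholds, for illustration only (not from the post).
OS_WEIGHT = {"windows": 2.0, "unknown": 0.5}  # other OS families add 0.0
REP_WEIGHT = 3.0         # multiplier for reputation (0.0 good .. 1.0 bad)
BLOCK_REPUTATION = 0.8   # reputation at or above this counts as known-bad
THROTTLE_SCORE = 2.0     # combined score at which the session is slowed
MAX_DELAY_S = 30.0       # cap on the per-command delay

@dataclass
class Verdict:
    src: str
    action: str    # "accept", "throttle" or "block"
    delay_s: float
    score: float

def parse_line(line):
    """Parse one 'key=value|key=value' record (hypothetical log format)."""
    fields = dict(part.split("=", 1) for part in line.strip().split("|"))
    return fields["src"], fields.get("os", "unknown"), float(fields.get("rep", "0"))

def os_family(label):
    label = label.strip().lower()
    if label.startswith("windows"):
        return "windows"
    return "unknown" if label in ("", "unknown") else "other"

def decide(src, os_label, reputation):
    family = os_family(os_label)
    score = OS_WEIGHT.get(family, 0.0) + REP_WEIGHT * reputation
    # Blocking requires host type AND reputation; a fingerprint alone only slows.
    if family == "windows" and reputation >= BLOCK_REPUTATION:
        return Verdict(src, "block", 0.0, score)
    if score >= THROTTLE_SCORE:
        return Verdict(src, "throttle", min(MAX_DELAY_S, 5.0 * score), score)
    return Verdict(src, "accept", 0.0, score)

SAMPLE = [  # constructed records; addresses are documentation ranges
    "src=192.0.2.10|os=Windows XP|rep=0.95",
    "src=192.0.2.11|os=Windows 2000|rep=0.10",
    "src=198.51.100.7|os=Linux 2.6|rep=0.90",
    "src=203.0.113.5|os=FreeBSD 6|rep=0.05",
]

def evaluate(lines=SAMPLE):
    return [decide(*parse_line(line)) for line in lines]

if __name__ == "__main__":
    for verdict in evaluate():
        print(verdict)
```

In this sketch the Windows host with a clean reputation is throttled rather than blocked, which keeps a fingerprint false positive from costing legitimate mail more than a delay.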