nanog mailing list archives

Re: ISP wants to stop outgoing web based spam

From: Valdis.Kletnieks () vt edu
Date: Fri, 11 Aug 2006 10:04:58 -0400

On Fri, 11 Aug 2006 09:38:46 BST, Peter Corlett said:


On 10 Aug 2006, at 22:07, Barry Shein wrote:
[...]

The vector for these has been almost purely Microsoft Windows.


I wonder. From the point of view of a MX host (as opposed to a  
customer-facing smarthost), would TCP fingerprinting to identify the  
OS and apply a weighting to the spam score be a viable technique?


That would depend entirely on how much business you do with companies
that are afflicted with Exchange servers for their mail service.  If you're
also dinging the host for non-adherence to RFCs, there's probably Exchange
boxes you'll never hear from again.  Whether this is good or bad depends on
your own personal religious convictions. ;)

Now, if it fingerprints as a Redmond product, and doesn't have the tell-tale
headers of having been through an Exchange server, that's gotta be worth
*several* points of weighing....

Attachment: _bin
Description:

Current thread:

Re: ISP wants to stop outgoing web based spam, (continued)
- - - Re: ISP wants to stop outgoing web based spam Hank Nussbacher (Aug 09)
    - Re: ISP wants to stop outgoing web based spam Sean Donelan (Aug 09)
    - Re: ISP wants to stop outgoing web based spam Suresh Ramasubramanian (Aug 09)
    - Re: ISP wants to stop outgoing web based spam Sean Donelan (Aug 09)
    - Re: ISP wants to stop outgoing web based spam Suresh Ramasubramanian (Aug 09)
    - Re: ISP wants to stop outgoing web based spam Sean Donelan (Aug 09)
    - Re: ISP wants to stop outgoing web based spam Suresh Ramasubramanian (Aug 09)
    - Re: ISP wants to stop outgoing web based spam Sean Donelan (Aug 10)
    - Re: ISP wants to stop outgoing web based spam Barry Shein (Aug 10)
    - Re: ISP wants to stop outgoing web based spam Peter Corlett (Aug 11)
    - Re: ISP wants to stop outgoing web based spam Valdis . Kletnieks (Aug 11)
    - fingerprinting and spam ID (was: Re: ISP wants to stop outgoing web based spam) Steven Champeon (Aug 11)
    - Re: fingerprinting and spam ID (was: Re: ISP wants to stop outgoing web based spam) Ken Simpson (Aug 11)
    - Re: fingerprinting and spam ID Petri Helenius (Aug 12)
    - Re: ISP wants to stop outgoing web based spam Ken Simpson (Aug 11)
    - Message not available
    - Re: ISP wants to stop outgoing web based spam Ken Simpson (Aug 11)
    - Re: ISP wants to stop outgoing web based spam Florian Weimer (Aug 10)
    - Re: ISP wants to stop outgoing web based spam Suresh Ramasubramanian (Aug 10)
  - Re: ISP wants to stop outgoing web based spam Ken Simpson (Aug 09)
  - Re: ISP wants to stop outgoing web based spam Florian Weimer (Aug 10)
    - Re: ISP wants to stop outgoing web based spam Hank Nussbacher (Aug 10)

(Thread continues...)