North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: ISP wants to stop outgoing web based spam

  • From: Valdis . Kletnieks
  • Date: Fri Aug 11 10:06:33 2006

On Fri, 11 Aug 2006 09:38:46 BST, Peter Corlett said:
> On 10 Aug 2006, at 22:07, Barry Shein wrote:
> [...]
> > The vector for these has been almost purely Microsoft Windows.
> I wonder. From the point of view of a MX host (as opposed to a  
> customer-facing smarthost), would TCP fingerprinting to identify the  
> OS and apply a weighting to the spam score be a viable technique?

That would depend entirely on how much business you do with companies
that are afflicted with Exchange servers for their mail service.  If you're
also dinging the host for non-adherence to RFCs, there's probably Exchange
boxes you'll never hear from again.  Whether this is good or bad depends on
your own personal religious convictions. ;)

Now, if it fingerprints as a Redmond product, and doesn't have the tell-tale
headers of having been through an Exchange server, that's gotta be worth
*several* points of weighing....

Attachment: pgp00005.pgp
Description: PGP signature