North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: ISP wants to stop outgoing web based spam
> On 10 Aug 2006, at 22:07, Barry Shein wrote: > [...] > >The vector for these has been almost purely Microsoft Windows. > > I wonder. From the point of view of a MX host (as opposed to a > customer-facing smarthost), would TCP fingerprinting to identify the > OS and apply a weighting to the spam score be a viable technique? We have been doing that in our traffic shaping SMTP transport for a while now. We have found a 95% correlation between spam sources and Windows hosts. If you drill down to specific versions of Windows, the correlation is even higher. For _blocking_ connections (as opposed to, say, just slowing them down), you must combine host type with reputation information. Regards, Ken -- MailChannels: Reliable Email Delivery (TM) | http://mailchannels.com -- Suite 203, 910 Richards St. Vancouver, BC, V6B 3C1, Canada Direct: +1-604-729-1741
|