Re: ISP wants to stop outgoing web based spam

• From: Ken Simpson
• Date: Fri Aug 11 12:04:50 2006

> On 10 Aug 2006, at 22:07, Barry Shein wrote:
> [...]
> >The vector for these has been almost purely Microsoft Windows.
> 
> I wonder. From the point of view of a MX host (as opposed to a  
> customer-facing smarthost), would TCP fingerprinting to identify the  
> OS and apply a weighting to the spam score be a viable technique?

We have been doing that in our traffic shaping SMTP transport for a
while now. We have found a 95% correlation between spam sources and
Windows hosts. If you drill down to specific versions of Windows, the
correlation is even higher.

For _blocking_ connections (as opposed to, say, just slowing them
down), you must combine host type with reputation information.

Regards,
Ken

-- 
MailChannels: Reliable Email Delivery (TM) | http://mailchannels.com

--
Suite 203, 910 Richards St.
Vancouver, BC, V6B 3C1, Canada
Direct: +1-604-729-1741

• References:
  • Re: ISP wants to stop outgoing web based spam Ken Simpson
  • Re: ISP wants to stop outgoing web based spam Joe Abley
  • Re: ISP wants to stop outgoing web based spam Ken Simpson
  • Re: ISP wants to stop outgoing web based spam Hank Nussbacher
  • Re: ISP wants to stop outgoing web based spam Sean Donelan
  • Re: ISP wants to stop outgoing web based spam Suresh Ramasubramanian
  • Re: ISP wants to stop outgoing web based spam Sean Donelan
  • Re: ISP wants to stop outgoing web based spam Suresh Ramasubramanian
  • Re: ISP wants to stop outgoing web based spam Barry Shein
  • Re: ISP wants to stop outgoing web based spam Peter Corlett

• Prev by Date: Re: SORBS Contact
• Next by Date: New Laptop Polices
• Date Index
• Thread Index
• Author Index
• Historical