North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: ISP wants to stop outgoing web based spam

  • From: Ken Simpson
  • Date: Fri Aug 11 12:04:50 2006

> On 10 Aug 2006, at 22:07, Barry Shein wrote:
> [...]
> >The vector for these has been almost purely Microsoft Windows.
> I wonder. From the point of view of a MX host (as opposed to a  
> customer-facing smarthost), would TCP fingerprinting to identify the  
> OS and apply a weighting to the spam score be a viable technique?

We have been doing that in our traffic shaping SMTP transport for a
while now. We have found a 95% correlation between spam sources and
Windows hosts. If you drill down to specific versions of Windows, the
correlation is even higher.

For _blocking_ connections (as opposed to, say, just slowing them
down), you must combine host type with reputation information.


MailChannels: Reliable Email Delivery (TM) |

Suite 203, 910 Richards St.
Vancouver, BC, V6B 3C1, Canada
Direct: +1-604-729-1741