
Re: [Asrg] Software bashing [mostly OT, but on at the end]



der Mouse wrote:
>> Now what happens to all the small businesses that use MS-Exchange to
>> send email?
> 
> The same thing that happens if they unwittingly pick someone on ROSKO
> for a mailout house: they get a sharp lesson in why due diligence is
> not only good but damn near essential, and how a non-spammer looking
> enough like a spammer will get treated like a spammer.
> 
> I see no more need to support direct-to-MX-from-Exchange (or any other
> package that evidences Exchange's level of imperviousness to
> mail-handling clue) than to support an
> unwitting-and-otherwise-legitimate client of a spam-for-hire house.

Direct-to-MX-from-Exchange?  That's what it's _supposed_ to do.  It's
the MTA.  There are some annoyances in Exchange, but true infections on
Exchange servers are extremely rare.

ITYM: direct-to-MX-from-Outlook.  AFAIK Outlook _can't_ do direct-to-MX,
because it doesn't have the MX lookup code for it.  In fact, if you know
how to detect what _would_ be direct-to-MX from Outlook, it's a good
filtering rule.

[High volume/long term experience:  Moderate to high return at times,
zero FPs.  Tho, obviously, you shouldn't apply this on your outbound
submission servers!!!!!]

This probably applies to most other MUAs - they can't MX no matter what.

Our experience indicates that MTA servers, of _any_ flavour or O/S, are
seldom infected with anything viral or wormlike.  This is largely due to
the fact that "ordinary users" are virtually never reading or browsing
on the server, and the vast majority of current worm/viral compromises
require one or the other.

[Tho, in the face of a network spreader like SQLSlammer, all bets are off.]

Exchange may be worse than some other O/S/MTA combinations, but not by a
lot.  It's subject to sloppy admin/config, but so is everything else.

The real issue with "compromised" Exchange (or any other MTA) is more
things like poorly chosen passwords, not worm/viral.  Not exclusive to
Windows by any stretch.
_______________________________________________
Asrg mailing list
Asrg at irtf.org
http://www.irtf.org/mailman/listinfo/asrg
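
One way to approximate the "direct-to-MX from Outlook" filtering rule mentioned in the message above, as an added example that is not from the original post (the post does not say how the detection is done). The heuristic is an assumption: a message carrying an Outlook `X-Mailer` banner but no earlier `Received` hop was not relayed through any smarthost; the function name, banner pattern and sample messages are constructed for illustration.

```python
import email
import re

# Assumption: banner pattern for the MUA; the post names only Outlook.
MUA_BANNER = re.compile(r"Microsoft (Office )?Outlook", re.IGNORECASE)


def is_direct_to_mx_from_mua(raw_message: bytes,
                             is_submission_server: bool = False) -> bool:
    """Return True when a message claiming an Outlook origin shows no relay
    hop before reaching us, i.e. the "MUA" seems to have connected to the MX.

    Run this on the message as received, BEFORE the local MTA prepends its
    own Received header. It is disabled on outbound submission servers,
    where real MUAs legitimately connect directly.
    """
    if is_submission_server:
        return False
    msg = email.message_from_bytes(raw_message)
    if not MUA_BANNER.search(str(msg.get("X-Mailer", ""))):
        return False
    # A genuine MUA hands mail to a smarthost, which stamps a Received line.
    return len(msg.get_all("Received", [])) == 0


# Constructed sample messages (example.net / 192.0.2.0/24 are reserved names).
RELAYED = (
    b"Received: from desktop7 (desktop7.example.net [192.0.2.44])\r\n"
    b"\tby smarthost.example.net with ESMTP; Mon, 1 Jan 2007 10:00:00 +0000\r\n"
    b"From: alice@example.net\r\nTo: bob@example.org\r\n"
    b"X-Mailer: Microsoft Outlook, Build 10.0.2627\r\n"
    b"Subject: minutes\r\n\r\nAttached.\r\n"
)
DIRECT = (
    b"From: offers@example.net\r\nTo: bob@example.org\r\n"
    b"X-Mailer: Microsoft Outlook, Build 10.0.2627\r\n"
    b"Subject: hello\r\n\r\nBody.\r\n"
)
MTA_GENERATED = (
    b"From: MAILER-DAEMON@example.net\r\nTo: bob@example.org\r\n"
    b"Subject: Delivery status\r\n\r\nBounce.\r\n"
)

if __name__ == "__main__":
    for name, raw in [("relayed", RELAYED), ("direct", DIRECT),
                      ("mta-generated", MTA_GENERATED)]:
        print(name, is_direct_to_mx_from_mua(raw))
```
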