[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Asrg] Software bashing [mostly OT, but on at the end]

To: Anti-Spam Research Group - IRTF <asrg at irtf.org>
Subject: Re: [Asrg] Software bashing [mostly OT, but on at the end]
From: Franck Martin <franck at avonsys.com>
Date: Sat, 24 Jan 2009 08:55:12 +1200 (FJT)
Delivered-to: ietfarch-asrg-web-archive at core3.amsl.com
Delivered-to: asrg at core3.amsl.com
In-reply-to: <8147302.391232744014604.JavaMail.franck at franck-martins-macbook-pro.local>
List-archive: <http://www.irtf.org/pipermail/asrg>
List-help: <mailto:asrg-request@irtf.org?subject=help>
List-id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-post: <mailto:asrg@irtf.org>
List-subscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=subscribe>
List-unsubscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=unsubscribe>
Reply-to: Anti-Spam Research Group - IRTF <asrg at irtf.org>
Sender: asrg-bounces at irtf.org

I cannot get to the first link

for the second link, this is grey listing, so nothing new here

To be noted I see now that infected machines will send several times the same message to the same email.

So I think the spammers are now fighting greylisting, and greylisting is becoming less and less effective.

I kind of like the idea of OS fingerprinting, anyone has a working filter?

----- Original Message -----
From: "John Johnson" <jjohnson at jdmc.org>
To: "Anti-Spam Research Group - IRTF" <asrg at irtf.org>
Sent: Saturday, 24 January, 2009 8:19:34 AM (GMT+1200) Auto-Detected
Subject: Re: [Asrg] Software bashing [mostly OT, but on at the end]

Franck Martin wrote:
> This seems an interesting thread and an interesting way of fighting spam.
>
> Can we get more info and stats on the correlation of spam and fingerprinting of the OS?
>
> We are a research group after all.
>
> Now what happens to all the small businesses that use MS-Exchange to send email?
>   

Please take a look at the following paper - it appears it would impact
MS-Exchange less than you would imagine.

http://www.sans.org/reading_room/whitepapers/email/zombie_profiling_with_smtp_greylisting_33008

for a working sendmail specific milter example, I found this interesting:

http://www.elandsys.com/scam/


_______________________________________________
Asrg mailing list
Asrg at irtf.org
http://www.irtf.org/mailman/listinfo/asrg
_______________________________________________
Asrg mailing list
Asrg at irtf.org
http://www.irtf.org/mailman/listinfo/asrg

Follow-Ups:
- Re: [Asrg] greylisting, was Software bashing
  - From: John Levine
- Re: [Asrg] Software bashing [mostly OT, but on at the end]
  - From: Rich Kulawiec
- Re: [Asrg] Software bashing [mostly OT, but on at the end]
  - From: John Johnson

Prev by Date: Re: [Asrg] Software bashing [mostly OT, but on at the end]
Next by Date: Re: [Asrg] Software bashing [mostly OT, but on at the end]
Previous by thread: [Asrg] About that e-postage draft [POSTAGE]
Next by thread: Re: [Asrg] Software bashing [mostly OT, but on at the end]
Index(es):
- Date
- Thread