[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Asrg] Software bashing [mostly OT, but on at the end]

To: Anti-Spam Research Group - IRTF <asrg at irtf.org>
Subject: Re: [Asrg] Software bashing [mostly OT, but on at the end]
From: Steve Atkins <steve at blighty.com>
Date: Fri, 23 Jan 2009 13:07:54 -0800
Delivered-to: ietfarch-asrg-web-archive at core3.amsl.com
Delivered-to: asrg at core3.amsl.com
In-reply-to: <200901232059.PAA13766 at Sparkle.Rodents-Montreal.ORG>
List-archive: <http://www.irtf.org/pipermail/asrg>
List-help: <mailto:asrg-request@irtf.org?subject=help>
List-id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-post: <mailto:asrg@irtf.org>
List-subscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=subscribe>
List-unsubscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=unsubscribe>
References: <4883162.311232739061145.JavaMail.franck at franck-martins-macbook-pro.local> <200901231954.OAA13439 at Sparkle.Rodents-Montreal.ORG> <497A26F2.9030009 at nortel.com> <200901232059.PAA13766 at Sparkle.Rodents-Montreal.ORG>
Reply-to: Anti-Spam Research Group - IRTF <asrg at irtf.org>
Sender: asrg-bounces at irtf.org

On Jan 23, 2009, at 12:46 PM, der Mouse wrote:

Now what happens to all the small businesses that use MS-Exchange
to send email?

[T]hey get a sharp lesson in [...] how a non-spammer looking enough
like a spammer will get treated like a spammer.

I see no more need to support direct-to-MX-from-Exchange [...]

Direct-to-MX-from-Exchange?  That's what it's _supposed_ to do.  It's
the MTA.


Right.  But it's an unusually badly behaved one.  Exchange is good
groupware with a bad MTA duct-taped onto the side.

ITYM: direct-to-MX-from-Outlook.


You think wrong.  Look enough like a spammer and you can expect to be
treated like a spammer, even if you're not.  Someone using Exchange as
a world-facing outgoing MTA may not be a spammer, but will be running

Windows on what to the rest of the world is an SMTP client. Thislooks

like a spammer from the perspective of this thread (which was about OS
fingerprinting of SMTP client hosts).  You wrote

There are some annoyances in Exchange, but true infections on
Exchange servers are extremely rare.

which, even if true, is pretty much irrelevant without some way totell

whether that Windows machine connecting to you is an Exchange outgoing
MTA or a direct-to-MX zombie.


Which is usually easy enough to tell by other approaches.

I see some legitimate email from Windows systems (Exchange, primarily,
but also a few others).

The majority of the spam I see in my inbox (which is filtered, but not
by anything that takes source address into account) comes, AFAICT,
from Linux boxes or email appliances (primarily linux based).

Compromised PHP boxes and spam coming from sources that emit
a mixture of spam and legitimate email dominate the traffic that
makes it to my inbox, AFAICT from a quick look.

Which doesn't tell me much, but does suggest that A) people blaming
Windows for all the net's ills may not be basing it on representative
traffic and B) research is likely useful, speculation probably isn't.

Cheers,
  Steve

_______________________________________________
Asrg mailing list
Asrg at irtf.org
http://www.irtf.org/mailman/listinfo/asrg

Follow-Ups:
- Re: [Asrg] Software bashing [mostly OT, but on at the end]
  - From: Rich Kulawiec

References:
- Re: [Asrg] Software bashing [mostly OT, but on at the end]
  - From: Franck Martin
- Re: [Asrg] Software bashing [mostly OT, but on at the end]
  - From: der Mouse
- Re: [Asrg] Software bashing [mostly OT, but on at the end]
  - From: Chris Lewis
- Re: [Asrg] Software bashing [mostly OT, but on at the end]
  - From: der Mouse

Prev by Date: Re: [Asrg] Software bashing [mostly OT, but on at the end]
Next by Date: Re: [Asrg] Software bashing [mostly OT, but on at the end]
Previous by thread: Re: [Asrg] Software bashing [mostly OT, but on at the end]
Next by thread: Re: [Asrg] Software bashing [mostly OT, but on at the end]
Index(es):
- Date
- Thread