[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Asrg] Software bashing [mostly OT, but on at the end]

To: "Anti-Spam Research Group - IRTF" <asrg at irtf.org>
Subject: Re: [Asrg] Software bashing [mostly OT, but on at the end]
From: "John Johnson" <jjohnson at jdmc.org>
Date: Fri, 23 Jan 2009 15:15:12 -0600
Delivered-to: ietfarch-asrg-archive at core3.amsl.com
Delivered-to: asrg at core3.amsl.com
In-reply-to: <4055894.411232744096736.JavaMail.franck at franck-martins-macbook-pro.local>
List-archive: <http://www.irtf.org/pipermail/asrg>
List-help: <mailto:asrg-request@irtf.org?subject=help>
List-id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-post: <mailto:asrg@irtf.org>
List-subscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=subscribe>
List-unsubscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=unsubscribe>
References: <4055894.411232744096736.JavaMail.franck at franck-martins-macbook-pro.local>
Reply-to: Anti-Spam Research Group - IRTF <asrg at irtf.org>
Sender: asrg-bounces at irtf.org
User-agent: Thunderbird 2.0.0.19 (X11/20081209)

Franck Martin wrote:
> I cannot get to the first link
>   
   My apologies, sent attachment off-list.
    
> for the second link, this is grey listing, so nothing new here
>
> To be noted I see now that infected machines will send several times the same message to the same email.
>   
  That's one of the points in the paper - an infected bot will attempt
to send From: many different
   addresses without retrying the initial  To: target. It'll happy
provide many domains that it's
   from.
> So I think the spammers are now fighting greylisting, and greylisting is becoming less and less effective.
>   

  It would appear that OS fingerprinting WITH greylisting is an
effective tool to research. It may be
  one of those short term bandaids, but worthy of looking at.
> I kind of like the idea of OS fingerprinting, anyone has a working filter?
>   

_______________________________________________
Asrg mailing list
Asrg at irtf.org
http://www.irtf.org/mailman/listinfo/asrg

References:
- Re: [Asrg] Software bashing [mostly OT, but on at the end]
  - From: Franck Martin

Prev by Date: Re: [Asrg] Software bashing [mostly OT, but on at the end]
Next by Date: Re: [Asrg] Software bashing [mostly OT, but on at the end]
Previous by thread: Re: [Asrg] Software bashing [mostly OT, but on at the end]
Next by thread: Re: [Asrg] Software bashing [mostly OT, but on at the end]
Index(es):
- Date
- Thread