[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Asrg] Software bashing [mostly OT, but on at the end]

To: Anti-Spam Research Group - IRTF <asrg at irtf.org>
Subject: Re: [Asrg] Software bashing [mostly OT, but on at the end]
From: "Chris Lewis" <clewis at nortel.com>
Date: Fri, 23 Jan 2009 16:41:29 -0500
Delivered-to: ietfarch-asrg-archive at core3.amsl.com
Delivered-to: asrg at core3.amsl.com
In-reply-to: <200901232059.PAA13766 at Sparkle.Rodents-Montreal.ORG>
List-archive: <http://www.irtf.org/pipermail/asrg>
List-help: <mailto:asrg-request@irtf.org?subject=help>
List-id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-post: <mailto:asrg@irtf.org>
List-subscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=subscribe>
List-unsubscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=unsubscribe>
Organization: Nortel
References: <4883162.311232739061145.JavaMail.franck at franck-martins-macbook-pro.local> <200901231954.OAA13439 at Sparkle.Rodents-Montreal.ORG> <497A26F2.9030009 at nortel.com> <200901232059.PAA13766 at Sparkle.Rodents-Montreal.ORG>
Reply-to: Anti-Spam Research Group - IRTF <asrg at irtf.org>
Sender: asrg-bounces at irtf.org
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.19) Gecko/20081209 Lightning/0.9 Thunderbird/2.0.0.19 Mnenhy/0.7.5.666

der Mouse wrote:
>>>> Now what happens to all the small businesses that use MS-Exchange
>>>> to send email?
>>> [T]hey get a sharp lesson in [...] how a non-spammer looking enough
>>> like a spammer will get treated like a spammer.
> 
>>> I see no more need to support direct-to-MX-from-Exchange [...]
> 
>> Direct-to-MX-from-Exchange?  That's what it's _supposed_ to do.  It's
>> the MTA.
> 
> Right.  But it's an unusually badly behaved one.  Exchange is good
> groupware with a bad MTA duct-taped onto the side.

That was true of archaic Exchange implementations.  Eg: the infamous
"Exchange 5" (aka IIS 5).  As was Sun Sendmail SMI 4.1.

But, reasonably recent Exchange is just fine in SMTP.

A consumer level site may see a different mix of MTAs than we do, but
it's been our experience that Exchange as an outbound is generally not a
problem, and we see lots of perfectly legit email from Exchange servers.

Many small-to-medium businesses lack the expertise to run something else.

I wouldn't dream of blocking an email based on a p0f signature of
"Windows" (tho, maybe Win95, 98 ;-) I'd score it.

> And if there were some way to identify Exchange, all its getting a free
> pass would mean would be that bitnet herders would mass-install
> Exchange on their zombies and send through it - or, perhaps even more
> likely, just forge whatever Exchange indicator(s) get(s) widely used.

If there was some way to identify windows via passive O/S
fingerprinting, all that giving anything else a free[r] pass would mean
that the botnet herders would get something to fake that something else.

Hint: it's already in BOTs.  And that's _all_ I'm going to say about that.
_______________________________________________
Asrg mailing list
Asrg at irtf.org
http://www.irtf.org/mailman/listinfo/asrg

References:
- Re: [Asrg] Software bashing [mostly OT, but on at the end]
  - From: Franck Martin
- Re: [Asrg] Software bashing [mostly OT, but on at the end]
  - From: der Mouse
- Re: [Asrg] Software bashing [mostly OT, but on at the end]
  - From: Chris Lewis
- Re: [Asrg] Software bashing [mostly OT, but on at the end]
  - From: der Mouse

Prev by Date: Re: [Asrg] Software bashing [mostly OT, but on at the end]
Next by Date: Re: [Asrg] Software bashing [mostly OT, but on at the end]
Previous by thread: Re: [Asrg] Software bashing [mostly OT, but on at the end]
Next by thread: Re: [Asrg] Software bashing [mostly OT, but on at the end]
Index(es):
- Date
- Thread