[Asrg] Software bashing [mostly OT, but on at the end]
Steve Atkins
steve at blighty.com
Fri Jan 23 13:07:54 PST 2009
On Jan 23, 2009, at 12:46 PM, der Mouse wrote:
>>>> Now what happens to all the small businesses that use MS-Exchange
>>>> to send email?
>>> [T]hey get a sharp lesson in [...] how a non-spammer looking enough
>>> like a spammer will get treated like a spammer.
>
>>> I see no more need to support direct-to-MX-from-Exchange [...]
>
>> Direct-to-MX-from-Exchange? That's what it's _supposed_ to do. It's
>> the MTA.
>
> Right. But it's an unusually badly behaved one. Exchange is good
> groupware with a bad MTA duct-taped onto the side.
>
>> ITYM: direct-to-MX-from-Outlook.
>
> You think wrong. Look enough like a spammer and you can expect to be
> treated like a spammer, even if you're not. Someone using Exchange as
> a world-facing outgoing MTA may not be a spammer, but will be running
> Windows on what to the rest of the world is an SMTP client. This looks
> like a spammer from the perspective of this thread (which was about OS
> fingerprinting of SMTP client hosts). You wrote
>
>> There are some annoyances in Exchange, but true infections on
>> Exchange servers are extremely rare.
>
> which, even if true, is pretty much irrelevant without some way to tell
> whether that Windows machine connecting to you is an Exchange outgoing
> MTA or a direct-to-MX zombie.
Which is usually easy enough to tell by other approaches.

I see some legitimate email from Windows systems (Exchange, primarily,
but also a few others).

The majority of the spam I see in my inbox (which is filtered, but not
by anything that takes source address into account) comes, AFAICT,
from Linux boxes or email appliances (primarily Linux-based).

Compromised PHP boxes and spam coming from sources that emit
a mixture of spam and legitimate email dominate the traffic that
makes it to my inbox, AFAICT from a quick look.

Which doesn't tell me much, but does suggest that A) people blaming
Windows for all the net's ills may not be basing it on representative
traffic and B) research is likely useful, speculation probably isn't.
Cheers,
Steve