Now what happens to all the small businesses that use MS-Exchange
to send email?
[T]hey get a sharp lesson in [...] how a non-spammer looking enough
like a spammer will get treated like a spammer.
I see no more need to support direct-to-MX-from-Exchange [...]
Direct-to-MX-from-Exchange? That's what it's _supposed_ to do. It's
the MTA.
Right. But it's an unusually badly behaved one. Exchange is good
groupware with a bad MTA duct-taped onto the side.
ITYM: direct-to-MX-from-Outlook.
You think wrong. Look enough like a spammer and you can expect to be
treated like a spammer, even if you're not. Someone using Exchange as
a world-facing outgoing MTA may not be a spammer, but will be running
Windows on what to the rest of the world is an SMTP client. This looks
like a spammer from the perspective of this thread (which was about OS
fingerprinting of SMTP client hosts). You wrote
There are some annoyances in Exchange, but true infections on
Exchange servers are extremely rare.
which, even if true, is pretty much irrelevant without some way to tell
whether that Windows machine connecting to you is an Exchange outgoing
MTA or a direct-to-MX zombie.
Some would say that this makes it "impossible" to use this technique.
The stance behind my note is that Exchange is a bad enough MTA that the
pressure this technique would exert against it would be of net positive
value.
And if there were some way to identify Exchange, all its getting a free
pass would mean would be that bitnet herders would mass-install
Exchange on their zombies and send through it - or, perhaps even more
likely, just forge whatever Exchange indicator(s) get(s) widely used.
/~\ The ASCII Mouse
\ / Ribbon Campaign
X Against HTML mouse(_at_)rodents-montreal(_dot_)org
/ \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg