ietf-asrg

Re: [Asrg] Software bashing [mostly OT, but on at the end]

2009-01-23 16:08:05

On Jan 23, 2009, at 12:46 PM, der Mouse wrote:

Now what happens to all the small businesses that use MS-Exchange
to send email?
[T]hey get a sharp lesson in [...] how a non-spammer looking enough
like a spammer will get treated like a spammer.

I see no more need to support direct-to-MX-from-Exchange [...]

Direct-to-MX-from-Exchange?  That's what it's _supposed_ to do.  It's
the MTA.

Right.  But it's an unusually badly behaved one.  Exchange is good
groupware with a bad MTA duct-taped onto the side.

ITYM: direct-to-MX-from-Outlook.

You think wrong.  Look enough like a spammer and you can expect to be
treated like a spammer, even if you're not.  Someone using Exchange as
a world-facing outgoing MTA may not be a spammer, but will be running
Windows on what to the rest of the world is an SMTP client. This looks
like a spammer from the perspective of this thread (which was about OS
fingerprinting of SMTP client hosts).  You wrote

There are some annoyances in Exchange, but true infections on
Exchange servers are extremely rare.

which, even if true, is pretty much irrelevant without some way to tell
whether that Windows machine connecting to you is an Exchange outgoing
MTA or a direct-to-MX zombie.

Which is usually easy enough to tell by other approaches.

I see some legitimate email from Windows systems (Exchange, primarily,
but also a few others).

The majority of the spam I see in my inbox (which is filtered, but not
by anything that takes source address into account) comes, AFAICT,
from Linux boxes or email appliances (primarily Linux-based).

Compromised PHP boxes and spam coming from sources that emit
a mixture of spam and legitimate email dominate the traffic that
makes it to my inbox, AFAICT from a quick look.

Which doesn't tell me much, but does suggest that A) people blaming
Windows for all the net's ills may not be basing it on representative
traffic and B) research is likely useful, speculation probably isn't.

Cheers,
  Steve

_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg