Franck Martin wrote:
I cannot get to the first link
My apologies, sent attachment off-list.
for the second link, this is grey listing, so nothing new here
To be noted I see now that infected machines will send several times the same
message to the same email.
That's one of the points in the paper - an infected bot will attempt
to send From: many different
addresses without retrying the initial To: target. It'll happy
provide many domains that it's
from.
So I think the spammers are now fighting greylisting, and greylisting is
becoming less and less effective.
It would appear that OS fingerprinting WITH greylisting is an
effective tool to research. It may be
one of those short term bandaids, but worthy of looking at.
I kind of like the idea of OS fingerprinting, anyone has a working filter?
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg