On Fri, 11 Aug 2006 09:38:46 BST, Peter Corlett said:
On 10 Aug 2006, at 22:07, Barry Shein wrote: [...]
The vector for these has been almost purely Microsoft Windows.
I wonder. From the point of view of a MX host (as opposed to a customer-facing smarthost), would TCP fingerprinting to identify the OS and apply a weighting to the spam score be a viable technique?
That would depend entirely on how much business you do with companies that are afflicted with Exchange servers for their mail service. If you're also dinging the host for non-adherence to RFCs, there's probably Exchange boxes you'll never hear from again. Whether this is good or bad depends on your own personal religious convictions. ;)

Now, if it fingerprints as a Redmond product, and doesn't have the tell-tale headers of having been through an Exchange server, that's gotta be worth *several* points of weighing....
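The weighting discussed in this thread, sketched as an added example that is not part of the original messages: an MX-side scoring hook that combines a passive TCP fingerprint label with a check for Exchange traces in the submitted headers. The marker strings, the point values and the function names are assumptions chosen for illustration.

```python
from email import message_from_string

# Assumptions, not from the original post: marker strings that Exchange-era
# servers typically stamp on mail, and the point values below.
EXCHANGE_RECEIVED_MARKERS = ("microsoft smtpsvc", "microsoft exchange")
WINDOWS_VIA_EXCHANGE_POINTS = 0.0   # plausible legitimate Exchange MTA
WINDOWS_NO_EXCHANGE_POINTS = 3.0    # Windows stack speaking SMTP directly


def has_exchange_traces(raw_message):
    """True if the client-supplied headers show passage through Exchange."""
    msg = message_from_string(raw_message)
    # Outlook Express also sets X-MimeOLE, so require the word "Exchange".
    if "exchange" in (msg.get("X-MimeOLE") or "").lower():
        return True
    if msg.get("X-MS-Has-Attach") is not None:
        return True
    for received in msg.get_all("Received", []):
        if any(m in received.lower() for m in EXCHANGE_RECEIVED_MARKERS):
            return True
    return False


def fingerprint_points(os_label, raw_message):
    """Spam-score adjustment from a passive TCP fingerprint of the peer.

    os_label is whatever the fingerprinting tool reported for the
    connecting host, or None when it could not classify it.
    """
    if not os_label or "windows" not in os_label.lower():
        return 0.0
    if has_exchange_traces(raw_message):
        return WINDOWS_VIA_EXCHANGE_POINTS
    return WINDOWS_NO_EXCHANGE_POINTS


# Constructed sample messages (documentation addresses and hostnames only).
VIA_EXCHANGE = (
    "Received: from mail.example.com ([192.0.2.10]) by gw.example.com "
    "with Microsoft SMTPSVC(6.0.3790.1830); Fri, 11 Aug 2006 09:00:00 +0100\n"
    "X-MimeOLE: Produced By Microsoft Exchange V6.5\n"
    "From: alice@example.com\nSubject: minutes\n\nbody\n"
)
OUTLOOK_EXPRESS = (
    "X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2869\n"
    "From: carol@example.org\nSubject: hi\n\nbody\n"
)
DIRECT = "From: bob@example.net\nSubject: offer\n\nbody\n"
```

Headers supplied by the sending host can be forged, so the result belongs in a spam score as one weight among others and not as an accept or reject decision.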