Yes, spammers use every MTA available. As well as webmail services, SMTP
capable scripts, and hijacked accounts using legitimate mail servers. It's
likely impossible to get a statistically significant correlation between an
MTA and spamminess of the mail the comes through it. When you add to that the
relative ease with which an admin can control service banners or other
identifiers, it is not possible to 100% confirm guilt or innocence of a sender
based only on the MTA they're using.
Personally, I've seen a stronger link between the actual client a mailer uses
and their spamminess, rather than the MTA.
Now, there are some highly significant signs in received headers that can help
nail down a likely guilty sender, but it's difficult to make a conclusive call
on those signs alone.
That is, at least in my experience.
Marc Perkel wrote:
Just a thought. I'm wondering if there are any clues the th received
lines that indicate the MTA that might be used for spam detection, or
rather ham detection. Do spammers ever use Exim, Qmail, Postfix?
