On Tue, 9 Jun 2009, Matus UHLAR - fantomas wrote:
> > I believe his request for stats is a polite way of disagreeing with your
> > statement that bots 'often' use Outlook SMTP Auth.
>
> OK, to be more accurate: times change, and maybe currently it's not that
> common to use Outlook's (or whatever's) engine to send spam/viruses/etc

Please stay in context. We're talking about how to weigh SMTP auth in
*spamassassin*, which implies it is only the spam and not 'viruses/etc'
that are being discussed. Perhaps botnets spread their viral component
via a sender's MX to try and gain 'trust' for that all-important
infection process, but that is low volume and does not look like spam.

> However since there are always cases a malware sends through outgoing
> relays (Should I search out ticketing system for those?) I think it's
> still not good to skip scanning of authenticated/outgoing e-mail.

If you're talking anti-virus scanning, you are quite correct.
If you are talking anti-spam scanning, and in particular about
spam sent from botnets, then at *best* the arguments are highly
specific to a given system. At worst, as a generality, I would say
'infrequently', not 'often'. You know, YMMV stuff. :)

> And, since there are reputation services on the net, and outgoing
> mailservers are expected to have better reputation than customers' end
> IPs, the situation may change once again...

Blah. Don't get me going on the whole 'reputation' thing. Still annoys me
that Yahell 4xx's mail from our lists because of 'too many recipients'.
Well, duh, it's a list. (shake head). I suppose it's better than 5xx... :)
-Charles