> On Tue, 9 Jun 2009, Matus UHLAR - fantomas wrote:
>>> I believe his request for stats is a polite way of disagreeing with your
>>> statement that bots 'often' use Outlook SMTP Auth.
>>
>> OK, to be more accurate: times change, and maybe currently it's not that
>> common to use Outlook's (or whatever's) engine to send spam/viruses/etc

On 09.06.09 10:10, Charles Gregory wrote:
> Please stay in context.

That was just what I have tried.

> We're talking about how to weigh SMTP auth in
> *spamassassin*, which implies it is only the spam and not 'viruses/etc'
> that are being discussed. Perhaps botnets spread their viral component
> via a sender's MX to try and gain 'trust' for that all-important
> infection process, but that is low volume and does not look like spam.

There was also a recommendation not to scan outgoing, authenticated e-mail by
SA, which I objected to.

>> However since there are always cases a malware sends through outgoing
>> relays (Should I search our ticketing system for those?) I think it's
>> still not good to skip scanning of authenticated/outgoing e-mail.
>
> If you're talking anti-virus scanning, you are quite correct.
> If you are talking anti-spam scanning, and in particular about
> spam sent from botnets, then at *best* the arguments are highly
> specific to a given system. At worst, as a generality, I would say
> 'infrequently', not 'often'. You know, YMMV stuff. :)

I'm sure once that was "often" and I guess there's still some malware
spreading spam this way. Well, just today I have found a customer spamming
through our SMTP servers...

>> And, since there are reputation services on the net, and outgoing
>> mailservers are expected to have better reputation than customers' end
>> IPs, the situation may change once again...
>
> Blah. Don't get me going on the whole 'reputation' thing. Still annoys me
> that Yahell 4xx's mail from our lists because of 'too many recipients'.
> Well, duh, it's a list. (shake head). I suppose it's better than 5xx... :)

It does not matter if we agree with the reputation system, there are still
people and blacklists who refuse mail from an IP if they receive more than X
spams and less than Y hams within Z seconds etc. Sending spam via gmail
servers is more effective than from e.g. Malaysian dialup, since people
usually object to blacklisting google/gmail, while they don't against
.my dialups...

-- 
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT wish to receive any advertising mail at this address.
He who laughs last thinks slowest.