On Feb 20, 2007, at 10:00 AM, Woodchuck wrote:
On Tue, 20 Feb 2007, Peter N. M. Hansteen wrote:
J Moore <[EMAIL PROTECTED]> writes:
Isn't this a bit "over the top"?
Well, people don't read these strings at all unless they're
looking at
spamd source code or doing a "telnet yourhost.tld smtp" for debugging
purposes. The message you quote here is essentially just a preserved
version of the telnet to smtp case.
In their present form, don't these messages provide a clear
fingerprint
for the next generation of spamware to read and then heed? I suppose
that problem can be dealt with when it occurs, probably faster
than spammers can follow.
Dave
I was thinking the exact same thing.
A number of our customers use the ability to customize their SMTP
banner via our products in order to avoid some very basic system
identification by spammers (Cisco PIX does this too for instance, but
in a very broken and disruptive way). It wouldn't escape detailed
analysis, but if a spammer can't casually discover what type of anti-
spam system they're connecting to, they're less likely to attempt any
work-arounds.
In the case of a greylisting type of solution, it seems that
identification would be especially devastating since the work-around
is so trivial. Unless my understanding is very wrong, the whole
effectiveness of the solution depends on the spammers not realizing
the difference between a "normal" MTA and one that greylists.
Brian Keefer
www.Tumbleweed.com
"The Experts in Secure Internet Communication"
