Re: outbound failure limiting - the next phase in the spam war?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=20


Jorey Bump wrote:

> John Pettitt wrote:
>
>> As outbound port 25 blocking starts to become prevalent among
>> ISP=92s the zombie armies of spam machines are starting to send via
>> the ISP=92s outbound mail servers. This is going to make many of
>> the rbl lists obsolete as any per-server filter is too blunt an
>> instrument to filter this kind of attack.
>
>
> Only if the server is an open relay for machines on the ISP's
> network. There's no reason why authentication shouldn't be required
> to use the smart host.
>
> I doubt if port 25 blocks are as prevalent as indicated. It would
> cause too many problems for road warriors and sites that use SPF or
> SenderID. I know I would drop my ISP in a heartbeat if they forced
> me to use their unreliable/insecure relays instead of my own.

Many ISP's are going to 25 blocks for dynamic addresses - mine
(sonic.net) just added it for static addresses with an opt out that
lets users run their own servers. Authentication isn't going to
solve the problem because the bad guy owns the client which has the
authentication information stored on it. One you on the PC it's
trivial to hijack the mail server settings (authentication and all).
What sparked this conversation was an ISP mail server being added to a
block list because of a hijacked client spewing spam.

John

>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)
=20
iD8DBQFCk3t7aVyA7PElsKkRAiwLAJ0e6cdMe23TGy7wTFVpZl FzNTLQZwCdFEIO
Bybk7c+dEGmOEobicghy+xU=3D
=3DpFz5
-----END PGP SIGNATURE-----