Outgoing SMTP Servers

Blake Hudson blake at ispn.net
Tue Oct 25 21:35:20 CDT 2011



J wrote the following on 10/25/2011 9:25 PM:
> Blake Hudson wrote:
>> If
>> 587 becomes popular, spammers will move on and the same ISPs that
>> blocked 25 will follow suit.
> I don't see this happening as easily.  Authenticated means an easier
> shutdown of an account, rather than some form of port block/etc.
An infected machine can just as easily send out mail on port 587 as it 
can using port 25. It's not hard for bot net hearders to come up with a 
list of valid credentials stolen from email clients, via key loggers, or 
simply guessed through probability. I see it every day.

I will shutdown a compromised account on my end, but that doesn't stop 
ATT's infected subscriber from spamming 100 other servers using 100 
other stolen credentials. I may also send an abuse report to ATT if they 
have an infected machine trying to perform a dictionary attack or brute 
force logins against my port 587 SMTP server. ATT's going to deal with 
the abuse reports as cheaply as possible. If they receive enough, I have 
no doubt they'll repeat past mistakes.



More information about the NANOG mailing list