Time to check the rate limits on your mail servers
Gadi Evron
ge at linuxbox.org
Thu Feb 3 15:14:40 UTC 2005
> Did you actially read the article? This was about drones sending out via
> its ISP mailserver. Blocking outbound 25 doesnt help a bit here. In
> general sure, good ide, and also start using submission for example. But
> in this contect its silly.
No, it is relevant or I wouldn't have mentioned it.
Allow me to elaborate; and forget about this article, why limited ourselves?
Once big ISP's started blocking port 25/outbound for dynamic ranges, and
it finally begun hitting the news, we once again caused the spammers to
under-go evolution.
In this particular case, they figured they'd have to find better ways to
send spam out, because eventually, they will be out of working toys.
Using the user's own mail server, whether by.. erm.. just utilizing it
if that is possible, sniffing the SMTP credentials or stealing them from
a file/registry, maybe even using Outlook to send is all that's about to
happen.
heck, I don't see how SMTP auth would help, either. They have local
access to the machine.
Now, once 100K zombies can send *only* 1000 spam messages a day instead
of 10K or even 500K, it makes a difference, but it is no solution.
I am happy to see people are starting to move this way, and I personally
believe that although this is happening (just go and hear what Carl from
AOL says on Spam-R that they have been seeing since 2003), this is all a
POC. We have not yet begun seeing the action.
Should I once again be stoned, or will others see it my way now that the
tide is starting to turn?
Gadi.
More information about the NANOG
mailing list