Time to check the rate limits on your mail servers

Gadi Evron ge at linuxbox.org
Thu Feb 3 15:14:40 UTC 2005


> Did you actually read the article? This was about drones sending out via
> its ISP mailserver. Blocking outbound 25 doesn't help a bit here. In
> general sure, good idea, and also start using submission for example. But
> in this context it's silly.

No, it is relevant or I wouldn't have mentioned it.

Allow me to elaborate; and forget about this article, why limit ourselves?

Once big ISPs started blocking port 25/outbound for dynamic ranges, and
it finally began hitting the news, we once again caused the spammers to
undergo evolution.

In this particular case, they figured they'd have to find better ways to 
send spam out, because eventually, they will be out of working toys.

Using the user's own mail server, whether by.. erm.. just utilizing it 
if that is possible, sniffing the SMTP credentials or stealing them from 
a file/registry, maybe even using Outlook to send is all that's about to 
happen.

Heck, I don't see how SMTP auth would help, either. They have local
access to the machine.

Now, once 100K zombies can send *only* 1000 spam messages a day instead 
of 10K or even 500K, it makes a difference, but it is no solution.

I am happy to see people are starting to move this way, and I personally 
believe that although this is happening (just go and hear what Carl from 
AOL says on Spam-R that they have been seeing since 2003), this is all a 
POC. We have not yet begun seeing the action.

Should I once again be stoned, or will others see it my way now that the 
tide is starting to turn?

	Gadi.


