Misguided SPAM Filtering techniques
Adrian Chadd
adrian at creative.net.au
Sun Oct 21 06:22:33 UTC 2007
On Sun, Oct 21, 2007, Nathan Ward wrote:
> Blocking 25/TCP is acceptable, blocking 587/TCP is not - it is
> designed for mail submission to an MSA, so serves little use for
> spam, save when a spammer has detected an open mail relay listening
> on 587/TCP, or someone has (mis)configured port 587 to allow
> submission to locally hosted domains from remote hosts without
> authentication. I'd be /very/ surprised if the networks in question
> received sufficient complaints from (clueless) mail admins, who were
> being spammed via one of these techniques.
Or peoples' machines are now being infected by malware which
checks for login credentials or uses the existing mail client
via various inter-process communication techniques; re-using said
login credentials to talk to authenticated SMTP servers.
Gotta get a clue; its not enough to just authenticate who sent
the email anymore..
Adrian
More information about the NANOG
mailing list