Outgoing SMTP Servers
blake at ispn.net
Wed Oct 26 02:35:20 UTC 2011
J wrote the following on 10/25/2011 9:25 PM:
> Blake Hudson wrote:
>> 587 becomes popular, spammers will move on and the same ISPs that
>> blocked 25 will follow suit.
> I don't see this happening as easily. Authenticated means an easier
> shutdown of an account, rather than some form of port block/etc.
An infected machine can just as easily send out mail on port 587 as it
can using port 25. It's not hard for bot net hearders to come up with a
list of valid credentials stolen from email clients, via key loggers, or
simply guessed through probability. I see it every day.
I will shutdown a compromised account on my end, but that doesn't stop
ATT's infected subscriber from spamming 100 other servers using 100
other stolen credentials. I may also send an abuse report to ATT if they
have an infected machine trying to perform a dictionary attack or brute
force logins against my port 587 SMTP server. ATT's going to deal with
the abuse reports as cheaply as possible. If they receive enough, I have
no doubt they'll repeat past mistakes.
More information about the NANOG