[100287] in North American Network Operators' Group
Re: Misguided SPAM Filtering techniques
daemon@ATHENA.MIT.EDU (Adrian Chadd)
Sun Oct 21 02:41:51 2007
Date: Sun, 21 Oct 2007 14:22:33 +0800
From: Adrian Chadd <adrian@creative.net.au>
To: Nathan Ward <nanog@daork.net>
Cc: nanog list <nanog@nanog.org>
In-Reply-To: <ADC1B4FD-93DD-4240-A5E0-4E469E88FD15@daork.net>
Errors-To: owner-nanog@merit.edu
On Sun, Oct 21, 2007, Nathan Ward wrote:
> Blocking 25/TCP is acceptable, blocking 587/TCP is not - it is
> designed for mail submission to an MSA, so serves little use for
> spam, save when a spammer has detected an open mail relay listening
> on 587/TCP, or someone has (mis)configured port 587 to allow
> submission to locally hosted domains from remote hosts without
> authentication. I'd be /very/ surprised if the networks in question
> received sufficient complaints from (clueless) mail admins, who were
> being spammed via one of these techniques.
Or peoples' machines are now being infected by malware which
checks for login credentials or uses the existing mail client
via various inter-process communication techniques; re-using said
login credentials to talk to authenticated SMTP servers.
Gotta get a clue; its not enough to just authenticate who sent
the email anymore..
Adrian
