[67525] in North American Network Operators' Group
RE: SMTP authentication for broadband providers
daemon@ATHENA.MIT.EDU (Mark Segal)
Wed Feb 11 10:46:37 2004
Date: Wed, 11 Feb 2004 10:45:56 -0500
From: "Mark Segal" <MSegal@Corporate.FCIBroadband.com>
To: "Dan Ellis" <ellis@corp.ptd.net>, <nanog@merit.edu>
Errors-To: owner-nanog-outgoing@merit.edu
> I'm looking for comments on whether this is generally seen as a
positive change or a waste
> of time (ie - will the next virus or worm gleam your SMTP username and
password from
> Outlook Express and use it to replicate/SPAM)? =20
We are planning on moving the same way. Without a doubt, a new virus or
worm will emerge that will steal the SMTP-AUTH from the config file (or
more likely, ALL the new variants will steal the SMTP-AUTH info). But,
with SMTP-AUTH you can limit the number of connections and outbound
emails, which is the real reason we are doing it.
Also since some of the new variants are smart enough to bundle in a SMTP
server, or use the local service in XP, we have taken to blocking emails
from clearly marked residential high speed subnets (reverse DNS) in
other providers space. Maybe its time there is some proposed rfc like
device for this?
Regards,
Mark
--
Mark Segal
Director, Network Planning
FCI Broadband
Tel: 905-284-4070
Fax: 416-987-4701
http://www.fcibroadband.com <http://www.fcibroadband.com/> =20
Futureway Communications Inc. is now FCI Broadband=20
