[67550] in North American Network Operators' Group
Re: SMTP authentication for broadband providers
daemon@ATHENA.MIT.EDU (Alex Bligh)
Wed Feb 11 20:06:54 2004
Date: Thu, 12 Feb 2004 01:06:11 +0000
From: Alex Bligh <alex@alex.org.uk>
Reply-To: Alex Bligh <alex@alex.org.uk>
To: Sean Donelan <sean@donelan.com>
Cc: nanog@merit.edu, Alex Bligh <alex@alex.org.uk>
In-Reply-To: <Pine.GSO.4.58.0402111923250.12012@clifden.donelan.com>
Errors-To: owner-nanog-outgoing@merit.edu
--On 11 February 2004 19:45 -0500 Sean Donelan <sean@donelan.com> wrote:
> The bulk of the abuse (some people estimate 2/3's) is due to compromised
> computers. The owner of the computer doesn't know it is doing it.
> Unfortunately, once the computer is compromised any information on that
> computer is also compromised, including any SMTP authorization
> information.
>
> SMTP Auth is not the silver bullet to solve the spam problem. ...
> Right now SMTP AUTH is a bit more useful because the mailer can directly
> identify the compromised subscriber. But I expect this to also be
> short-lived. Eventually the compromised computers will start passing
> authentication information.
Sure it's not a silver bullet. I think we ran out of silver bullets years
ago. But it gives you a lot more useful information that the IP address
(not much use with NAT etc.). As someone spake earlier who appeared to have
actually done it, you can then rate-limit by individual users, disable
individual users etc. - that's *far* harder on non-authenticated dynamic
SMTP.
Once someone has comprimised a machine & stolen authentication tokens you
are (arguably) fighting a different battle anyway. A comprimised machine
could HTTP post spam to hotmail/yahoo etc. if it wanted to - the problem
is then protocol independent.
My original point was that port 25 blocking by ISPs does not stop mobile
users using SMTP AUTH, and the reasons for ISPs blocking port 25 are not
likely to be extended to smtps / submission. Not that the latter two
protocols would solve all spam tomorrow.
Alex
