From: "Micheal Espinola Jr" <[EMAIL PROTECTED]> > I ask because I don't understand how or why a spammer would bother to > waste time and processing for encrypting their traffic when they can > just bang away on plain 'ol SMTP via tcp/25. > > I'm getting a feeling that the TLS port in these cases is not configured > to allow *only* encrypted traffic.
>From http://www.exim.org/exim-html-3.20/doc/html/spec_38.html If such a host attempts to send a message without starting a TLS session, the MAIL command is rejected with the error. 503 Use of TLS required -I think spammers use TLS because port 25 is hugely protected and that nobody would think they wouldn't be as dirty to use TLS to send spam. Same for SPF- most spammers use SPF, so I have read several times. Not sure how true either of these things are. If MS has it's way SPF is about to really take off- http://news.com.com/2100-7355-5758365.html?tag=tb "Sometime around November, Hotmail and MSN will flag as potential spam those messages that do not have the tag to verify the sender, Craig Spiezle, a director in the technology care and safety group at the software maker said Wednesday. The move is meant to spur adoption of Sender ID, he said." Bro ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ Assp-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-user
