On Sat 09/Jul/2016 00:32:32 +0200 Gordon Messmer wrote: > On 07/08/2016 03:04 PM, Alexei Batyr' wrote: >> >> Unfortunately spamers/fishers et al. already mastered SSL and STARTTLS and >> successfully use them in brute force and other attacks. > > I'd expect so. I didn't recommend TLS as a measure against brute-force > attacks, I recommended it to protect passwords from leaking on untrusted > networks. Authentication should always be done on a secure channel.
CRAM-* methods are good too. IME, spammers don't quite master them, in the sense that after they mostly use plain login for both brute-force attacks and to deploy stolen passwords. Ale -- ------------------------------------------------------------------------------ Attend Shape: An AT&T Tech Expo July 15-16. Meet us at AT&T Park in San Francisco, CA to explore cutting-edge tech and listen to tech luminaries present their vision of the future. This family event has something for everyone, including kids. Get more information and register today. http://sdm.link/attshape _______________________________________________ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users