Re: [Declude.JunkMail] OT: another SOBERing though

[Matt]

I think one of the issues here is that Hijack was designed to solve a problem that existed due to omission on the part of IMail, but being a separate app, it might not be the most optimal method, though for now it definitely is. Most servers on the Internet have no policies in place to restrict the volume of E-mail through authenticated accounts.  This is a gaping hole and it is now being exploited.   The best way to effectively stop such things is to integrate that functionality into the servers themselves, and all servers need such settings defaulted to being enabled in order to protect the Internet from the garbage that hacked accounts can spew. Clearly people aren't taking this seriously enough, including the often exploited likes of HotMail/Microsoft and Yahoo.  I figure that eventually everyone will begin to take this seriously, but only after things have become much worse.  Keep in mind that most of us were operating as open relays up until about 2000, and most of us had no alternative.  E-mail systems with their very loose or completely lacking policy enforcement in combination with being the most often attacked system on the Internet with the most financial gain should be a primary focus as far as security goes. What really gets me is that in the last couple of years, there was a huge focus on SPF, Caller-ID and Domain Keys, but very little focus on propagating port 587/AUTH-only support on mail servers, and seemingly no focus in getting E-mail clients to auto-negotiate such settings.  Now we are seeing another completely predictable situation in which spammers and virus writers are automating the hacking of E-mail accounts, and there are virtually no protections in place.  IMO, it's a shame that the biggest players were pushing for what I consider to be almost valueless functionality while the big names behind them were also the ones that were being exploited the most and still are.  These are also the same fools that paid-off the Congress so that they 'can'-Spam. Matt Serge wrote: hijack will work, but it will be much better if it works based on the authenticated user instead of ip also we need to be able to set different limits/categories for different users   declude, are listening?         ----- Original Message ----- From: Markus Gufler To: Declude.JunkMail@declude.com Sent: Thursday, November 17, 2005 6:36 PM Subject: RE: [Declude.JunkMail] OT: another SOBERing though Wow! It's like 1995 - 2005 had never been. :-|   ok, I must say I never worked with Declude Hijack. It's not simply this what we need now?   Markus   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Colbeck, Andrew Sent: Thursday, November 17, 2005 6:41 PM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] OT: another SOBERing though You can read about or get your own version of the password stealing app here:   http://www.nirsoft.net/utils/pspv.html   Andrew 8)