RE: [Declude.JunkMail] OT: another SOBERing though

[Colbeck, Andrew]

Serge, that's a misleading line of reasoning.   Here's the thing:   Auth on port 587 is the right best practice for ISPs (and some corporations) so that they can properly secure their MTA against misuse by 3rd parties, including worms on their client subnets.   It cuts off large swaths of current flaws: the ISP won't have any open relays, won't have whitelisted client subnets, thereby allowing the ISP to firewall outbound port 25 from their personal clients.  Auth on 587 also allows the client to wander all over the Internet with their laptop and still send mail with their own mailfrom name from the expected ISP's MTA.   As you've surmised, this doesn't help if the bad guys have auth that they've stolen from one of your clients.    However, this becomes the same case as if the bad guy is one one of your clients, and the answers are the same; the ISP needs traffic logging and alerts, e.g. the mail volume restrictions over time that were discussed earlier today.   Is that clearer?   Andrew 8)     From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Serge Sent: Thursday, November 17, 2005 3:12 PM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] OT: another SOBERing though not sure how using port 587 will solve this cant the spammers/virus writers eventualy use this port why would that be a long term solution ?     ----- Original Message ----- From: Matt To: Declude.JunkMail@declude.com Sent: Thursday, November 17, 2005 7:24 PM Subject: Re: [Declude.JunkMail] OT: another SOBERing though I think one of the issues here is that Hijack was designed to solve a problem that existed due to omission on the part of IMail, but being a separate app, it might not be the most optimal method, though for now it definitely is. Most servers on the Internet have no policies in place to restrict the volume of E-mail through authenticated accounts.  This is a gaping hole and it is now being exploited.   The best way to effectively stop such things is to integrate that functionality into the servers themselves, and all servers need such settings defaulted to being enabled in order to protect the Internet from the garbage that hacked accounts can spew. Clearly people aren't taking this seriously enough, including the often exploited likes of HotMail/Microsoft and Yahoo.  I figure that eventually everyone will begin to take this seriously, but only after things have become much worse.  Keep in mind that most of us were operating as open relays up until about 2000, and most of us had no alternative.  E-mail systems with their very loose or completely lacking policy enforcement in combination with being the most often attacked system on the Internet with the most financial gain should be a primary focus as far as security goes. What really gets me is that in the last couple of years, there was a huge focus on SPF, Caller-ID and Domain Keys, but very little focus on propagating port 587/AUTH-only support on mail servers, and seemingly no focus in getting E-mail clients to auto-negotiate such settings.  Now we are seeing another completely predictable situation in which spammers and virus writers are automating the hacking of E-mail accounts, and there are virtually no protections in place.  IMO, it's a shame that the biggest players were pushing for what I consider to be almost valueless functionality while the big names behind them were also the ones that were being exploited the most and still are.  These are also the same fools that paid-off the Congress so that they 'can'-Spam. Matt Serge wrote: hijack will work, but it will be much better if it works based on the authenticated user instead of ip also we need to be able to set different limits/categories for different users   declude, are listening?         ----- Original Message ----- From: Markus Gufler To: Declude.JunkMail@declude.com Sent: Thursday, November 17, 2005 6:36 PM Subject: RE: [Declude.JunkMail] OT: another SOBERing though Wow! It's like 1995 - 2005 had never been. :-|   ok, I must say I never worked with Declude Hijack. It's not simply this what we need now?   Markus   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Colbeck, Andrew Sent: Thursday, November 17, 2005 6:41 PM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] OT: another SOBERing though You can read about or get your own version of the password stealing app here:   http://www.nirsoft.net/utils/pspv.html   Andrew 8)