On Sat, 21 Aug 2010 13:02:53 +0200
news...@acrocat.com wrote:

>  Sorry Steven, I used the wrong account to send to the list.  I will try
> to not make that happen anymore :)
> 
Have I not heard that from you before :)


> To answer your question below... a bit of security.
> I watched a friend of mine from a big company login to his webmail the
> other day and got the idea... If someone was going to brute force an
> attack, under the current system they already have the username.  Under
> the new system, they wouldn't even have the username...
> 
Okay. I understand that. You however would then need to think that whole thing 
not only from the DSPAM viewpoint but from all the other systems too (aka: 
IMAP, POP, SMTP, etc).

To change all of that will be much more work than just changing the login 
screen on DSPAM.

I usually open accounts with a unique id and not with the email address. The 
reason I do that is that if a woman is getting married and she changes her name 
then I don't have to fiddle around in moving her mail database to reflect the 
new name. I just change/add an additional alias and that's it.

So I have not made that because I want to have better security but because I 
want easier administration. If you are worried about the point that someone 
already knows the username and you are afraid that he/she will be able to 
more easily attack your infrastructure by only needing to guess the password then 
you already are confessing that your security is bad (in some way). Or to say 
it in other words: If your security is relying on the point that information is 
hidden then your security is bad.

I get a gazillion of such brute force attacks and I fight against them. With 
everything that I can. Just because the username is not known does not mean 
that I can sit back and relax. I give the same priority to those attacks as if 
the username would be known or unknown.


> On 8/21/2010 10:26 AM, Stevan Bajić wrote:
> >
> > What do you expect from this change? Or what is the reason you want to do 
> > that change?
> 

_______________________________________________
Dspam-user mailing list
Dspam-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspam-user
