It is possible to build a POP server that graylists on the first
failed password for, say, a few minutes. That would be sufficient to
slow down an attack significantly. But to my knowledge nobody is
doing that on a POP server.
Brute force password attacks on POP accounts is something I haven't heard of.
Spammers want to make money, and stealing mail from POP accounts
after a brute force attack is hardly the easiest path to $$$.
I've read that some of the real money hounds who run bot networks
have switched to phishing from charging spammers for sending spam, or
doing both.
Bot nets can also be used for malicious DDoS, e.g., in extortion
attempts or as punishment of someone effectively hurting the bot net operators.
If the IMail POP3 service insisted on APOP or TLS and immediately
dropped any TCP connection that didn't do APOP or TLS, then maybe it
would be less vulnerable. But getting all your POP clients to use
APOP or TLS is difficult.
Len
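
The graylisting idea from the message above, sketched as an added example that is not part of the original post and not IMail code. It assumes the hold is keyed by source IP and lasts 180 seconds; the class name, the `simulate` helper and the documentation address 192.0.2.10 are constructed for illustration.

```python
import time


class PopAuthGraylist:
    """Refuse password checks from a source for `hold` seconds after one failure."""

    def __init__(self, hold=180, clock=time.monotonic):
        self.hold = hold          # assumed value for "a few minutes"
        self.clock = clock        # injectable so the policy can be tested offline
        self._until = {}          # source IP -> time at which the hold expires

    def allowed(self, ip):
        """True if the server should evaluate a PASS from this source now."""
        expiry = self._until.get(ip)
        if expiry is None:
            return True
        if self.clock() >= expiry:
            del self._until[ip]   # hold served; forget the source
            return True
        return False

    def record(self, ip, success):
        """Call after every password check the server actually performed."""
        if success:
            self._until.pop(ip, None)
        else:
            self._until[ip] = self.clock() + self.hold


def simulate(guesses_per_second, duration, hold):
    """Count the password checks one source gets evaluated when every guess is wrong."""
    now = [0.0]
    graylist = PopAuthGraylist(hold=hold, clock=lambda: now[0])
    source = "192.0.2.10"         # constructed sample address
    checked = 0
    for i in range(int(duration * guesses_per_second)):
        now[0] = i / guesses_per_second
        if graylist.allowed(source):
            checked += 1
            graylist.record(source, success=False)
    return checked


if __name__ == "__main__":
    print("no hold, 1 hour at 10 guesses/s:", simulate(10, 3600, 0))
    print("180 s hold, same hour:", simulate(10, 3600, 180))
```

Because the hold is per source address, clients behind a shared NAT are held together after one mistyped password, and guesses spread across many addresses are each held separately.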