I'm missing something here. If EarthLink users are suddenly sending out email from "legit" servers instead of being the typical zombie then this negates the blacklist tests.
Yes, but if an ISP's servers were set up to require SMTP AUTH (instead of trusting all the ISP's subscriber IPs as legit), then the trojan couldn't do SMTP AUTH and this new criminal attack (which nobody will help us fight) would be dead before it started.
1. ISP blocks port 25 (kills zombies doing direct-to-MX spamming)
2. ISP requires SMTP AUTH for his own networks (kills zombies doing indirect-via-ISP-relay spamming).
I'm less concerned about our own users as we can check them but more concerned about blacklisting being pretty much disabled.
... only for this kind of attack. RBL will still be useful for everything they are useful for now.
This new criminality could have the very beneficial side effect of forcing ISPs to require that msg submission proceed only after SMTP AUTH, which should have been the mode from day one, and as has been recommended in this forum many times over the years.
Len
_____________________________________________________________________
http://IMGate.MEIway.com : free anti-spam gateway, runs on 1000's of sites
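The two steps in the message above, modelled as an added example that is not part of the original post: an edge filter for port 25 and a relay decision that either trusts subscriber IPs or requires SMTP AUTH. The address ranges, domain names, and function names are constructed assumptions for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed values for illustration (documentation address ranges and names).
SUBSCRIBER_NETS = [ipaddress.ip_network("192.0.2.0/24")]
LOCAL_DOMAINS = {"isp.example"}

@dataclass
class Session:
    client_ip: str        # address the SMTP connection comes from
    authenticated: bool   # True only after a successful SMTP AUTH
    rcpt_domain: str      # domain of the RCPT TO address

def is_subscriber(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in SUBSCRIBER_NETS)

def egress_allowed(src_ip: str, dst_port: int, to_isp_relay: bool, block_25: bool) -> bool:
    """Step 1: edge filter. Subscribers may reach port 25 only on the ISP's relay."""
    if block_25 and is_subscriber(src_ip) and dst_port == 25 and not to_isp_relay:
        return False
    return True

def relay_decision(s: Session, require_auth: bool) -> str:
    """Step 2: what the ISP's mail server does with one recipient."""
    if s.rcpt_domain in LOCAL_DOMAINS:
        return "accept-local"          # inbound mail for the ISP's own mailboxes
    if s.authenticated:
        return "relay"                 # sender proved an account identity
    if not require_auth and is_subscriber(s.client_ip):
        return "relay"                 # IP-trust mode: any subscriber host may relay
    return "reject"                    # never relay for unauthenticated senders

def compare(s: Session) -> dict:
    """Outcome of the same session under both server policies."""
    return {"ip_trust": relay_decision(s, False), "auth_required": relay_decision(s, True)}

# Constructed sessions.
ZOMBIE = Session("192.0.2.77", False, "victim.example")     # infected subscriber PC
USER = Session("192.0.2.10", True, "friend.example")        # subscriber with credentials
INBOUND = Session("198.51.100.5", False, "isp.example")     # outside MTA delivering in
OUTSIDER = Session("198.51.100.5", False, "victim.example") # open-relay attempt

if __name__ == "__main__":
    for name, s in [("zombie", ZOMBIE), ("user", USER), ("inbound", INBOUND), ("outsider", OUTSIDER)]:
        print(name, compare(s))
```

Only the unauthenticated subscriber session changes outcome between the two policies; authenticated users and inbound delivery are unaffected.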
