>> The port 25 block is pretty much standard for large ISPs today; it's >> to prevent spammers from using massive networks of compromised PCs to >> deliver spam. > >Changing ports is useless unless authentication is required. >If deterring spammers is the primary goal, then ISPs can just require >authentication for customers over the standard SMTP port.
I'm not really here to debate you on this ... but the _point_ is to prevent zombie PCs from doing final delivery to random sites on the internet. It's a lot easier for the ISP to notice, "Hey, you just tried to send 5000 emails in the space of 2 minutes", if their mail servers are in the message path. And many ISPs are doing stuff like POP-before-SMTP instead of authentication. >However, even with authentication, if a system is zombied, probably >would not take much for authentication credentials to be stolen by >the malware and used for sending out spam. It doesn't seem like they're doing that just yet, but of course it's a continual arms race. --Ken _______________________________________________ Nmh-workers mailing list [email protected] http://lists.nongnu.org/mailman/listinfo/nmh-workers
