On Friday, July 11, 2003, at 12:46 PM, Alan DeKok wrote:
Unless the propogation of these malware programs is quenched, I
think this incident can be taken as the start of the end for mobile
users of naked, unauthenticated, unverifiable SMTP. There are other
methods by which they can send email, and those methods will help
protect against this kind of spam attack, at least.
They will? How?
If the user's copy of Microsoft Outlook is capable of sending e-mail,
then it doesn't matter if you authenticate or verify before allowing
SMTP. It doesn't help a bit, any more than it would help to block SMTP.
As long as the machine can be used to send e-mail, and can easily be
compromised (i.e. is running Windows), it can be used to send spam. If
necessary the spamming trojan can simply feed its messages to Outlook
to send via whatever method of authentication and verification the
user's ISP requires.
mathew
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg