ietf-asrg
[Top] [All Lists]

Re: [Asrg] 0.General - News Article - NYT Reports Porn Spam Hijacking Network

2003-07-14 18:33:40
On Friday, July 11, 2003, at 12:46 PM, Alan DeKok wrote:
  Unless the propogation of these malware programs is quenched, I
think this incident can be taken as the start of the end for mobile
users of naked, unauthenticated, unverifiable SMTP.  There are other
methods by which they can send email, and those methods will help
protect against this kind of spam attack, at least.

They will? How?

If the user's copy of Microsoft Outlook is capable of sending e-mail, then it doesn't matter if you authenticate or verify before allowing SMTP. It doesn't help a bit, any more than it would help to block SMTP.

As long as the machine can be used to send e-mail, and can easily be compromised (i.e. is running Windows), it can be used to send spam. If necessary the spamming trojan can simply feed its messages to Outlook to send via whatever method of authentication and verification the user's ISP requires.


mathew


_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg