Trojaned machines - by their nature authenticated
No, not actually. The authentication process is SMTP server to server, so
unless the trojaned system has access to an open relay which is, nevertheless,
properly accounted for in the SPF/Caller ID DNS entries, the trojan will need
to have proper SMTP AUTH credentials to some server. They don't currently work
this way, and it seems unlikely that an administrator would leave relays open
but implement domain-level SMTP authentication.
Uncloseted spammers - eg sheck-buy, authenticated cause they don't care
Third world spammers - sender authenticated but legally out of reach
Yes, definitely, and this is why blacklists (or the new PC term "blocklists")
are important in an SMTP authenticated world. Unlike now, such lists could be
accurate and authoritative. It's possible that spammers could buy and use
large numbers of throwaway domains, but there would still be IP-based
blacklisting and the fact that they would have to operate out in the open.
Open Scripts - Authenticated by the insecure server (sendmail)
See first answer
Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
larryseltzer(_at_)ziffdavis(_dot_)com
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
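
The server-to-server check and the blocklist layer discussed in the message above, as an added example that is not part of the original post. It evaluates only the ip4/ip6/all SPF mechanisms, a dictionary stands in for DNS, and all domains, addresses and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample data: documentation address ranges, not real policy.
SPF_RECORDS = {  # stands in for DNS TXT lookups (assumption)
    "example.com": "v=spf1 ip4:192.0.2.0/28 -all",
    "throwaway.example": "v=spf1 ip4:198.51.100.7 -all",
}
BLOCKLISTED_DOMAINS = {"throwaway.example"}
BLOCKLISTED_NETS = [ipaddress.ip_network("198.51.100.0/24")]
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_result(client_ip, domain):
    """Check the connecting server's IP against the domain's published senders."""
    record = SPF_RECORDS.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
    return "neutral"


def decide(client_ip, mail_from_domain):
    """Blocklists first, then the SPF verdict for the claimed sender domain."""
    ip = ipaddress.ip_address(client_ip)
    if mail_from_domain in BLOCKLISTED_DOMAINS or any(ip in n for n in BLOCKLISTED_NETS):
        return "reject: blocklisted"
    result = spf_result(client_ip, mail_from_domain)
    if result == "fail":
        return "reject: spf fail"
    return "accept: spf " + result


if __name__ == "__main__":
    # Domain's own relay, a trojaned host sending directly, a throwaway domain.
    for ip, dom in [("192.0.2.5", "example.com"),
                    ("203.0.113.44", "example.com"),
                    ("198.51.100.7", "throwaway.example")]:
        print(ip, dom, "->", decide(ip, dom))
```

The third case passes SPF on its own, which is why the decision consults the blocklists before the SPF verdict.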