ietf-asrg

RE: [Asrg] Sendmail CEO Backs Yahoo DK and MS CID

2004-03-01 00:24:06

Trojaned machines - by their nature authenticated

No, not actually. The authentication process is SMTP server to server,

No, when I say trojaned machine I mean someone places a trojan on my machine
and then sends email on my account.

My server will of course authenticate the email as having come from me (and
itself).
The server doesn't know my machine has been compromised.

I didn't send it, some spammer who took over my machine did.


so unless the trojaned system has access to an open relay which is,
nevertheless, properly accounted for in the SPF/Caller ID DNS entries, the
trojan will need to have proper SMTP AUTH credentials to some server. They
don't currently work this way, and it seems unlikely that an administrator
would leave relays open but implement domain-level SMTP authentication.

Just because an ISP upgrades to the latest version of Sendmail does not
automatically make him security wise.
Many open relays are created by inept or lazy managers, and like spammers
they won't go away.

Open Scripts - Authenticated by the insecure server (sendmail)

See first answer

Same answer as trojaned

If my website had an insecure script on it (formmail) and someone uses it to
send e-mail, again it is authenticated as coming from my account.

sendmail says "yeah I know that guy" so I will authenticate the email.

but there would still be IP-based blacklisting and the fact that would have
to operate out in the open.

I am personally against blacklists

but at least with server identification blacklists can narrow their targets
to the actual offending server, as opposed to the scattergun approach they
have now.

If "Blocklists" were to become viable in my opinion they would have to be
formalised

and again the argument arises that one man's spam is another man's erectile
enhancer.

People actually use spam the same as my wife uses junkmail.

Just because someone personally won't accept any form of spam does not mean
the next person has to bow to their wishes.
This is effectively censorship, which I am totally against.


Regards
Chris



-----Original Message-----
From: Larry Seltzer [mailto:larry(_at_)larryseltzer(_dot_)com]
Sent: Monday, 1 March 2004 1:07 PM
To: 'Chris'; 'ASRG'
Subject: RE: [Asrg] Sendmail CEO Backs Yahoo DK and MS CID



Uncloseted spammers - eg sheck-buy, authenticated cause they don't care
Third world spammers - sender authenticated but legally out of reach

Yes, definitely, and this is why blacklists (or the new PC term
"blocklists") are important in an SMTP authenticated world. Unlike now, such
lists could be accurate and authoritative. It's possible that spammers could
buy and use large numbers of throwaway domains, but there would still be
IP-based blacklisting and the fact that would have to operate out in the
open.

Open Scripts - Authenticated by the insecure server (sendmail)

See first answer

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
larryseltzer(_at_)ziffdavis(_dot_)com




_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg