
[Asrg] Spammer proxies using legitimate mail relays

2005-02-15 18:21:10
According to this article http://www.spamhaus.org/news.lasso?article=156,
spamware has improved its capability to avoid black listing by using the
legitimate outbound SMTP servers of its infected victim.  As a result, an
increasing amount of spam is coming from legitimate mail gateways.

Does anyone have more detailed information on spamware and how it manages to
do this?  Does it steal SMTP server configuration information from the
user's real email client?  Can it also steal stored user credentials
so that it can even work if the outbound SMTP server of the ISP requires
user authentication?  Even if it weren't possible to steal stored
credentials because they're encrypted, couldn't it simply sniff the network
traffic and simply log/capture all SMTP or POP authentication requests?  If
this was true (and there is no reason it couldn't be done), this would mean
that spamware would be able to fool SPF or SenderID.  Can anyone confirm
this?

At this point, the anti-SPF or anti-SenderID folks are probably saying "I
told you so".  I don't believe this was a surprise to the SPF proponents
because it was always known that "throttling" for outbound SMTP would have
to be implemented.  It will probably need to be even more drastic than that,
such as account lockout the minute an outbound message triggers a spam
alert and is verified.


George Ou

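A defender-side illustration of the outbound "throttling" the post mentions, added here and not part of the original message or of any project: it counts authenticated submissions per account over a sliding window on constructed, Postfix-style submission log lines and flags accounts that exceed a rate threshold. The log format, the threshold, the hostnames and the account names are all assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log shape (Postfix-like smtpd line carrying the SASL username).
LINE_RE = re.compile(
    r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: "
    r"client=(\S+), sasl_method=\S+, sasl_username=(\S+)$"
)


def parse(line, year=2005):
    """Return (timestamp, username, client) for a matching line, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
    return ts, m.group(3), m.group(2)


def find_bursts(lines, max_msgs=20, window=timedelta(seconds=60)):
    """Map each account that sends more than max_msgs within any `window`
    (sliding, per account) to the ISO time at which it first crossed the limit.
    Lines are expected in chronological order."""
    recent = defaultdict(deque)   # username -> timestamps inside the window
    flagged = {}
    for line in lines:
        parsed = parse(line)
        if parsed is None:
            continue                # unrelated log line
        ts, user, _client = parsed
        q = recent[user]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()             # drop submissions older than the window
        if len(q) > max_msgs and user not in flagged:
            flagged[user] = ts.isoformat()
    return flagged


def constructed_lines():
    """Constructed sample log: alice sends 3 mails in 10 minutes, bob 25 in 48 s."""
    fmt = ("Feb 15 {t:%H:%M:%S} mx postfix/smtpd[{pid}]: client=pc[192.0.2.{h}], "
           "sasl_method=LOGIN, sasl_username={u}")
    base = datetime(2005, 2, 15, 18, 0, 0)
    lines = [fmt.format(t=base + timedelta(seconds=s), pid=100, h=10, u="alice")
             for s in (1, 190, 585)]
    lines += [fmt.format(t=base + timedelta(minutes=5, seconds=2 * i), pid=200 + i,
                         h=11, u="bob") for i in range(25)]
    return sorted(lines)            # same date prefix, zero-padded times: sorts by time


if __name__ == "__main__":
    print(find_bursts(constructed_lines()))   # bob crosses 20 msgs/min at 18:05:40
```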

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg