At 8:16 AM -0500 2/16/05, Daniel Feenberg wrote:
Port 25 on "mail" or "smtp" is a valid smtp relay not requiring any
authentication for more than half of ISPs. The Windows resolver will fill
in the domain part of the relay host name. I have seen no claims that any
spamware *at the moment* goes any further than this, although of course as
time goes by it will do whatever is necessary.
I do hope that ISPs don't get the idea the way to fight this is to obscure
the MTA name.
There is a next obvious step for the zombieware: keep an eye out for
any outbound port 25 connections. If ZoneAlarm can do it, there's no
reason a trojan can't.
Or it could just ask the user. That has worked for Swen for a year and a half.
--
Bill Cole
bill(_at_)scconsult(_dot_)com
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg