-----Original Message-----
From: asrg-bounces(_at_)ietf(_dot_)org [mailto:asrg-bounces(_at_)ietf(_dot_)org] On Behalf Of Bill Cole
Sent: Wednesday, February 16, 2005 5:55 AM
To: asrg(_at_)ietf(_dot_)org
Subject: RE: [Asrg] Spammer proxies using legitimate mail relays
There is a next obvious step for the zombieware: keep an eye out for any
outbound port 25 connections. If ZoneAlarm can do it, there's no reason a
trojan can't.
Or it could just ask the user. That has worked for Swen for a year and a
half.
Enforcement of SSL for SMTP/POP3 is a very good thing to require for
security in general and will make it more difficult to sniff TCP 25 for
clear text credentials. But to stay up to speed with the spammers, we must
simply assume that zombieware at some point will be able to acquire the
user's full SMTP server name and full username/password credentials in the
vast majority of cases using any means necessary. The question is what to
do about it.
James Lick makes some great points on what can be done, i.e., rate limiting,
outbound scanning and account lockout. But the problem is getting the
cooperation from ISPs to put in the time and effort. At the very least,
SenderID and SPF will force some accountability and we will be able to
accurately blacklist individual email accounts on ISPs that enforce SMTP
AUTH.
George
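The rate-limiting and account-lockout controls mentioned above, sketched as an added example (not code from the list or from any ISP's submission server): a per-account sliding-window recipient budget for a submission server that enforces SMTP AUTH, which locks an account out once its budget is exceeded so a zombie that has acquired valid credentials cannot keep relaying. The thresholds, account names and log events are constructed for illustration.

```python
from collections import defaultdict, deque


class SubmissionRateLimiter:
    """Per-account sliding-window recipient limit with temporary lockout.

    Models the "rate limiting + account lockout" controls discussed in the
    thread for an ISP submission server that enforces SMTP AUTH.
    Thresholds below are illustrative assumptions, not recommended values.
    """

    def __init__(self, max_rcpts=100, window=3600, lockout=1800):
        self.max_rcpts = max_rcpts          # recipients allowed per window
        self.window = window                # sliding window length (seconds)
        self.lockout = lockout              # lockout duration (seconds)
        self._events = defaultdict(deque)   # account -> deque of (ts, rcpts)
        self._locked_until = {}             # account -> unix time lock expires

    def _prune(self, account, now):
        q = self._events[account]
        while q and q[0][0] <= now - self.window:
            q.popleft()

    def check(self, now, account, rcpts):
        """Return 'accept', 'reject' (limit hit, lockout started) or 'locked'."""
        if self._locked_until.get(account, 0) > now:
            return "locked"
        self._prune(account, now)
        q = self._events[account]
        if sum(r for _, r in q) + rcpts > self.max_rcpts:
            self._locked_until[account] = now + self.lockout
            q.clear()                       # budget resets when the lock expires
            return "reject"
        q.append((now, rcpts))
        return "accept"


def replay(events, limiter=None):
    """Replay (timestamp, account, recipient_count) events; return decisions."""
    limiter = limiter or SubmissionRateLimiter()
    return [limiter.check(ts, acct, n) for ts, acct, n in events]


# Constructed sample: a compromised account "alice" bursts many recipients
# while "bob" sends normally.  (timestamp seconds, account, recipient count)
SAMPLE_EVENTS = [
    (0,    "bob",   2),
    (10,   "alice", 40),
    (20,   "alice", 50),
    (30,   "alice", 20),   # 90 + 20 > 100 -> reject, alice locked until t=1830
    (40,   "alice", 1),    # still locked
    (600,  "bob",   3),
    (1900, "alice", 1),    # lockout expired -> accepted again
]

if __name__ == "__main__":
    for ev, decision in zip(SAMPLE_EVENTS, replay(SAMPLE_EVENTS)):
        print(ev, decision)
```

In a real deployment the "reject" decision would also raise an alert for the abuse desk, since a lockout on an otherwise quiet account is a strong signal that its credentials have been stolen.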
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg