William Leibzon wrote:
> 2. A non-standard port that is 100% open just like regular SMTP is bound
> to soon be known and start to be abused. It has to be some type of
> restricted profile smtp with authentication (which is what submit is,
> so why reinvent it...).

Right--there's no point in blocking port 25 if you just open up another
port to plain unauthenticated SMTP. All you're doing then is
inconveniencing many people by changing the standard port number for
SMTP; you're not actually improving security at all. Botnets will just
start probing all the common SMTP ports rather than the standard one.

On the other hand, if you implement SMTP authentication, there's no need
to block port 25, and you make the bot-programmer's work harder, or even
impossible if the user's mail client uses a properly-implemented
lockable keychain.

So instead of wasting time playing move-the-port and annoying people,
just implement SMTP authentication. I mean, even my Palm handheld and my
mobile phone know about SMTP AUTH these days.

mathew
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg