On 12/04/2015 10:59 AM, Hector Santos wrote:
> On 12/4/2015 8:10 AM, Chris Lewis wrote:
>> AUTH-cracking to this extent is a relatively recent phenomenon, and is
>> clearly being used as an attempt to bypass normal direct-2-MX botnet
>> blocking and hijack the reputation of the MTA instead of some random
>> cracked PC.
>
> Hi, I'm surprised to read you say this is "relatively recent." Do you
> mean in months, years or one to several decades?

I should say that "back in the day", SMTP-auth from BOTs was
sufficiently rare that it could safely be ignored.
SMTP-auth from bots started in a noticeable fashion about 2-3 years ago
and has continued to rise to extreme levels in the past 6-12 months. To
some MSAs, the impacts were obvious before that.
To me, this is "relatively recent". Sorry, should have clarified.
As a MUCH more recent development, remember "open relay"? That was
obsolete 10 years ago, and except for a couple of low volume Chinese
spammers, not seen at all. Well, guess what? One extremely prolific
spambot started doing it in very high volumes less than a month ago.
That's right, spambots attempting to open relay through MTAs. Shipping
almost exclusively malware at that.
Fun, eh?
_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp