Re: [ietf-smtp] [Shutup] Levels of proposals

2015-12-04 10:31:54
On 12/04/2015 10:59 AM, Hector Santos wrote:
> On 12/4/2015 8:10 AM, Chris Lewis wrote:
>
>> AUTH-cracking to this extent is a relatively recent phenomenon, and is
>> clearly being used as an attempt to bypass normal direct-2-MX botnet
>> blocking and hijack the reputation of the MTA instead of some random
>> cracked PC.
>
> Hi, I'm surprised to read you say this is "relatively recent."  Do you
> mean in months, years or one to several decades?

I should say that "back in the day", SMTP-auth from BOTs was sufficiently rare that it could safely be ignored.

SMTP-auth from bots started in a noticeable fashion about 2-3 years ago and has continued to rise to extreme levels in the past 6-12 months. To some MSAs, the impacts were obvious before that.

To me, this is "relatively recent".  Sorry, should have clarified.

As a MUCH more recent development, remember "open relay"? That was obsolete 10 years ago, and except for a couple of low volume Chinese spammers, not seen at all. Well, guess what? One extremely prolific spambot started doing it in very high volumes less than a month ago. That's right, spambots attempting to open relay through MTAs. Shipping almost exclusively malware at that.

Fun eh?

