The port 25 block is pretty much standard for large ISPs today; it's
to prevent spammers from using massive networks of compromised PCs to
deliver spam.
Changing ports is useless unless authentication is required.
If deterring spammers is the primary goal, then ISPs can just require
authentication for customers over the standard SMTP port.
I'm not really here to debate you on this ... but the _point_
is to prevent zombie PCs from doing final delivery to random sites
on the internet. It's a lot easier for the ISP to notice, "Hey, you
just tried to send 5000 emails in the space of 2 minutes", if their
mail servers are in the message path. And many ISPs are doing stuff
like POP-before-SMTP instead of authentication.
However, even with authentication, if a system is zombied, probably
would not take much for authentication credentials to be stolen by
the malware and used for sending out spam.
It doesn't seem like they're doing that just yet, but of course it's
a continual arms race.
--Ken
_______________________________________________
Nmh-workers mailing list
Nmh-workers(_at_)nongnu(_dot_)org
http://lists.nongnu.org/mailman/listinfo/nmh-workers