Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Spam Solution

From: Gadi Evron <ge () egotistical reprehensible net>
Date: Fri, 18 Jun 2004 15:01:01 +0200
SMTP AUTH cracking and using the ISP account? Not that it can't and won't be done, but
I'm aware of no actual examples. Could you cite one please?
I was referring to using Trojaned machines and using the user's actual email address. Much like you were, only I was talking of using Outlook. 


So if you have enough systems doing it you can send unauthenticated mail through servers
that require authentication? Please explain this to me.


See above.


No it doesn't. It's enough that MTAs can choose for a while to treat authenticated and
unauthenticated mail differently. And before too long if the major ISPs and major
corporations and government adopt the scheme (and there's an excellent chance they will)
others will be forced to adopt it in order for their mail to get through reliably. Then
one day admins can throw the switch and reject unauthenticated mail. 

I hope you are right. I don't think you are, but I hope I am wrong.
I already went through this discussion on several mailing lists.. I think I'll quit now while ahead. :) 

        Gadi Evron.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: