nanog mailing list archives
Re: SMTP authentication for broadband providers
From: Alex Bligh <alex () alex org uk>
Date: Thu, 12 Feb 2004 01:06:11 +0000
--On 11 February 2004 19:45 -0500 Sean Donelan <sean () donelan com> wrote:
The bulk of the abuse (some people estimate 2/3's) is due to compromised computers. The owner of the computer doesn't know it is doing it. Unfortunately, once the computer is compromised any information on that computer is also compromised, including any SMTP authorization information. SMTP Auth is not the silver bullet to solve the spam problem. ... Right now SMTP AUTH is a bit more useful because the mailer can directly identify the compromised subscriber. But I expect this to also be short-lived. Eventually the compromised computers will start passing authentication information.
Sure it's not a silver bullet. I think we ran out of silver bullets years ago. But it gives you a lot more useful information that the IP address (not much use with NAT etc.). As someone spake earlier who appeared to have actually done it, you can then rate-limit by individual users, disable individual users etc. - that's *far* harder on non-authenticated dynamic SMTP.Once someone has comprimised a machine & stolen authentication tokens you are (arguably) fighting a different battle anyway. A comprimised machine
could HTTP post spam to hotmail/yahoo etc. if it wanted to - the problem is then protocol independent. My original point was that port 25 blocking by ISPs does not stop mobile users using SMTP AUTH, and the reasons for ISPs blocking port 25 are not likely to be extended to smtps / submission. Not that the latter two protocols would solve all spam tomorrow. Alex
Current thread:
- Re: SMTP authentication for broadband providers, (continued)
- Re: SMTP authentication for broadband providers Valdis . Kletnieks (Feb 11)
- Re: SMTP authentication for broadband providers Sean Donelan (Feb 11)
- Re: SMTP authentication for broadband providers Will Yardley (Feb 11)
- Re: SMTP authentication for broadband providers Suresh Ramasubramanian (Feb 11)
- Re: SMTP authentication for broadband providers Valdis . Kletnieks (Feb 11)
- Re: SMTP authentication for broadband providers Sean Donelan (Feb 11)
- Re: SMTP authentication for broadband providers Daniel Senie (Feb 11)
- Re: SMTP authentication for broadband providers Sean Donelan (Feb 11)
- Re: SMTP authentication for broadband providers Alex Bligh (Feb 11)
- Re: SMTP authentication for broadband providers Sean Donelan (Feb 11)
- Re: SMTP authentication for broadband providers Alex Bligh (Feb 11)
- Re: SMTP authentication for broadband providers Dave Crocker (Feb 12)
- Re: SMTP authentication for broadband providers Lou Katz (Feb 11)
- RE: SMTP authentication for broadband providers Alexander Kiwerski (Feb 12)
- Re: SMTP authentication for broadband providers Lou Katz (Feb 12)
- Re: SMTP authentication for broadband providers Alex Bligh (Feb 12)