nanog mailing list archives

Re: Misguided SPAM Filtering techniques

From: Adrian Chadd <adrian () creative net au>
Date: Sun, 21 Oct 2007 14:22:33 +0800


On Sun, Oct 21, 2007, Nathan Ward wrote:

Blocking 25/TCP is acceptable, blocking 587/TCP is not - it is  
designed for mail submission to an MSA, so serves little use for  
spam, save when a spammer has detected an open mail relay listening  
on 587/TCP, or someone has (mis)configured port 587 to allow  
submission to locally hosted domains from remote hosts without  
authentication. I'd be /very/ surprised if the networks in question  
received sufficient complaints from (clueless) mail admins, who were  
being spammed via one of these techniques.


Or peoples' machines are now being infected by malware which
checks for login credentials or uses the existing mail client
via various inter-process communication techniques; re-using said
login credentials to talk to authenticated SMTP servers.

Gotta get a clue; its not enough to just authenticate who sent
the email anymore..




Adrian

Current thread:

Misguided SPAM Filtering techniques Owen DeLong (Oct 20)
- Re: Misguided SPAM Filtering techniques Nathan Ward (Oct 20)
  - Re: Misguided SPAM Filtering techniques Adrian Chadd (Oct 20)
    - Re: Misguided SPAM Filtering techniques Nathan Ward (Oct 20)
  - Re: Misguided SPAM Filtering techniques Tony Finch (Oct 22)
- Re: Misguided SPAM Filtering techniques D'Arcy J.M. Cain (Oct 21)
  - Re: Misguided SPAM Filtering techniques Dave Pooser (Oct 21)
    - Re: Misguided SPAM Filtering techniques D'Arcy J.M. Cain (Oct 21)
    - Re: Misguided SPAM Filtering techniques Sean Figgins (Oct 22)
    - Re: Misguided SPAM Filtering techniques Patrick W. Gilmore (Oct 22)
    - Re: Misguided SPAM Filtering techniques Sean Figgins (Oct 22)
    - Re: Misguided SPAM Filtering techniques Valdis . Kletnieks (Oct 22)
    - Re: Misguided SPAM Filtering techniques Sean Figgins (Oct 22)

(Thread continues...)