North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: SMTP authentication for broadband providers

  • From: Alex Bligh
  • Date: Wed Feb 11 20:08:21 2004



--On 11 February 2004 19:45 -0500 Sean Donelan <sean@donelan.com> wrote:

The bulk of the abuse (some people estimate 2/3's) is due to compromised
computers.  The owner of the computer doesn't know it is doing it.
Unfortunately, once the computer is compromised any information on that
computer is also compromised, including any SMTP authorization
information.

SMTP Auth is not the silver bullet to solve the spam problem. ...
Right now SMTP AUTH is a bit more useful because the mailer can directly
identify the compromised subscriber.  But I expect this to also be
short-lived.  Eventually the compromised computers will start passing
authentication information.
Sure it's not a silver bullet. I think we ran out of silver bullets years
ago. But it gives you a lot more useful information that the IP address
(not much use with NAT etc.). As someone spake earlier who appeared to have
actually done it, you can then rate-limit by individual users, disable
individual users etc. - that's *far* harder on non-authenticated dynamic
SMTP.

Once someone has comprimised a machine & stolen authentication tokens you are (arguably) fighting a different battle anyway. A comprimised machine
could HTTP post spam to hotmail/yahoo etc. if it wanted to - the problem
is then protocol independent.

My original point was that port 25 blocking by ISPs does not stop mobile
users using SMTP AUTH, and the reasons for ISPs blocking port 25 are not
likely to be extended to smtps / submission. Not that the latter two
protocols would solve all spam tomorrow.

Alex