On 7/31/2014 3:09 PM, Brian wrote: > On Thu 31 Jul 2014 at 14:43:11 -0400, Jerry Stuckle wrote: > >> On 7/31/2014 12:47 PM, Brian wrote: >>> >>> One would expect the ISP's strategy to factor in the sophistication of >>> malware. which is presumably sophisticated enough to be able to use port >>> 25. >> >> Which is why many ISPs now block Port 25 from residential users. > > The point of my remark was that malware can operate on port 25 so there > is nothing to prevent it operating on port 587. I was actually agreeing > with you when you said "Nothing". >
Yes, but Port 587 requires (or at least should require) a login; Port 25 never does for email destined for the domains being served by that MTA. >>>> Not impossible, by any means. But much harder than just sending over >>>> port 25, which requires none of the above. >>> >>> The ISP's concern is (or should be) the customers who allow sending of >>> spam "without the knowledge of the users of those computers". These >>> same incompetent customers are now all going to start encrypting the >>> usernames and passwords used for sending email? >> >> Most MUAs can already encrypt the password (and sometimes the userid) if >> it is saved on the disk. Thunderbird does this, for instance. I assume >> Outlook does also, although I haven't checked it. >> >> I should add the malware would also have to know the MTA the >> userid/password are for. Again, not impossible by any means - but just >> one more thing the malware has to discover. > > I think that once you get to discussing the capabilities of the malware > it acknowledges that port 587 presents no more problems to the malware > than port 25; it simply depends on how good the malware is. Which, as I > originally queried, brings into question the efficacy of ISPs mandating > its use. > > I'll not ask for ISP facts and figures to show how good port 587 is for > them. > > Yes, it does - again, Port 587 requires a login - which adds a huge layer of complexity to the malware. Jerry -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/53da9a56.8080...@attglobal.net