Re: Finding a replacement for my ISP's smtp server

To: debian-user@lists.debian.org
Subject: Re: Finding a replacement for my ISP's smtp server
From: Joe <joe@jretrading.com>
Date: Thu, 31 Jul 2014 17:37:21 +0100
Message-id: <[🔎] 20140731173721.501c1c3d@jretrading.com>
In-reply-to: <[🔎] 20140731143730.GJ19277@copernicus.demon.co.uk>
References: <[🔎] CADQD7YWtRF0xNRYmw5vrZ8heYpmc3d0DZMAz8pzgD6SaYcAzQg@mail.gmail.com> <[🔎] 20140727090329.GA25374@bryant.redmars.org> <[🔎] 27072014130049.5cf50ed3a4a9@desktop.copernicus.demon.co.uk> <[🔎] 20140728140229.32ad99ba@bonifac.skk> <[🔎] 28072014145359.36b1c2183ed1@desktop.copernicus.demon.co.uk> <[🔎] 53D65F5B.1070305@attglobal.net> <[🔎] 28072014174804.fdd19e1d8245@desktop.copernicus.demon.co.uk> <[🔎] 20140728221209.7ddeca72@jretrading.com> <[🔎] 20140731143730.GJ19277@copernicus.demon.co.uk>

On Thu, 31 Jul 2014 15:37:31 +0100
Brian <ad44@cityscape.co.uk> wrote:

> 
> What I do not understand is what prevents the malware (assuming it can
> signicantly control the machine) from using the same authentication to
> send spam as before. Isn't this back to square 1?
> 
> 

I would assume it can, if it operates your email client under your
credentials. But this may well leave traces, when you find sent mail
that you definitely know you didn't send, or alien names added to your
address book, that the malware has failed to erase properly. It is
probably difficult for malware to pick security stuff out of the
Registry without making a valid logon. Microsoft may be rubbish at
general security, but these days it has to meet fairly strict standards
for email confidentiality if it wants corporate US clients,
particularly medical and legal ones. The preference is for malware to
use a primitive SMTP engine which is entirely separate from the
compromised system's email.

Also, probably more important, your mail hosting company may well spot
the spam going through their own mail server, whereas they are probably
less likely to spot outgoing spam just passing through their routers,
along with hundreds of torrent feeds... I'm sure the ISPs will be
required to monitor and analyse all traffic in and out of their
customers' systems one day, but I doubt that they're looking forward to
it.

-- 
Joe

Reply to:

Follow-Ups:
- Re: Finding a replacement for my ISP's smtp server
  - From: Brian <ad44@cityscape.co.uk>

References:
- Finding a replacement for my ISP's smtp server
  - From: Paul E Condon <pecondon@mesanetworks.net>
- Re: Finding a replacement for my ISP's smtp server
  - From: Jonathan Dowland <jmtd@debian.org>
- Re: Finding a replacement for my ISP's smtp server
  - From: Brian <ad44@cityscape.co.uk>
- Re: Finding a replacement for my ISP's smtp server
  - From: Slavko <linux@slavino.sk>
- Re: Finding a replacement for my ISP's smtp server
  - From: Brian <ad44@cityscape.co.uk>
- Re: Finding a replacement for my ISP's smtp server
  - From: Jerry Stuckle <jstuckle@attglobal.net>
- Re: Finding a replacement for my ISP's smtp server
  - From: Brian <ad44@cityscape.co.uk>
- Re: Finding a replacement for my ISP's smtp server
  - From: Joe <joe@jretrading.com>
- Re: Finding a replacement for my ISP's smtp server
  - From: Brian <ad44@cityscape.co.uk>

Prev by Date: Re: dev/log in jail
Next by Date: Re: dev/log in jail
Previous by thread: Re: Finding a replacement for my ISP's smtp server
Next by thread: Re: Finding a replacement for my ISP's smtp server
Index(es):
- Date
- Thread