Re: Finding a replacement for my ISP's smtp server
On 7/31/2014 12:47 PM, Brian wrote:
> On Thu 31 Jul 2014 at 10:52:39 -0400, Jerry Stuckle wrote:
>
>> On 7/31/2014 10:37 AM, Brian wrote:
>>>
>>> The reason for doing it given is generally along the lines of:
>>>
>>> Much of the current use of port 25 is by computers that have been
>>> infected by malware and are sending spam without the knowledge of
>>> the users of those computers. Port 587 improves security through
>>> the use of required authentication and recommended TLS/SSL
>>> encryption.
>>>
>>> What I do not understand is what prevents the malware (assuming it can
>>> significantly control the machine) from using the same authentication to
>>> send spam as before. Isn't this back to square 1?
>>
>> Nothing, if the malware can get the userid and password. However, to do
>> so you have to store the information on your machine. Additionally, the
>> malware has to know which MUA you're using (to figure out where the
>> userid and password are stored), and if your MUA has encrypted the
>> information, how to decrypt it.
>
> One would expect the ISP's strategy to factor in the sophistication of
> malware, which is presumably sophisticated enough to be able to use port
> 25.
>
Which is why many ISPs now block Port 25 from residential users.

>> Not impossible, by any means. But much harder than just sending over
>> port 25, which requires none of the above.
>
> The ISP's concern is (or should be) the customers who allow sending of
> spam "without the knowledge of the users of those computers". These
> same incompetent customers are now all going to start encrypting the
> usernames and passwords used for sending email?
>
>
Most MUAs can already encrypt the password (and sometimes the userid) if
it is saved on the disk. Thunderbird does this, for instance. I assume
Outlook does also, although I haven't checked it.

I should add the malware would also have to know the MTA the
userid/password are for. Again, not impossible by any means - but just
one more thing the malware has to discover.

For instance, I use my own mail server for most of my email; this
account is used for non-business related stuff.

Jerry
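
As an added illustration of the port 25 versus port 587 difference discussed in this thread (not part of any poster's message), the Python example below audits SMTP server replies to check that sending requires authentication and that the login is only offered once TLS is active. The hostname, the transcripts and the function names are constructed for the example; the EHLO keywords and the 530 reply are standard SMTP.

```python
# Added illustration. Every transcript below is constructed sample data.
SUBMISSION_PRE_TLS = """250-mail.example.net
250-SIZE 35882577
250-STARTTLS
250 ENHANCEDSTATUSCODES"""
SUBMISSION_POST_TLS = """250-mail.example.net
250-SIZE 35882577
250-AUTH PLAIN LOGIN
250 ENHANCEDSTATUSCODES"""
SUBMISSION_MAIL_REPLY = "530 5.7.0 Authentication required"  # reply to MAIL FROM before AUTH

LEGACY_EHLO = """250-mail.example.net
250-SIZE 35882577
250 8BITMIME"""
LEGACY_MAIL_REPLY = "250 2.1.0 Ok"  # MAIL FROM accepted with no login at all


def parse_ehlo(reply):
    """Parse a multiline EHLO reply into {KEYWORD: [PARAMS]}."""
    lines = [ln.strip() for ln in reply.splitlines() if ln.strip()]
    extensions = {}
    for line in lines[1:]:  # the first line only carries the server name
        code, sep, rest = line[:3], line[3:4], line[4:].strip()
        if code != "250" or sep not in ("-", " ") or not rest:
            raise ValueError(f"unexpected EHLO line: {line!r}")
        keyword, *params = rest.split()
        extensions[keyword.upper()] = [p.upper() for p in params]
    return extensions


def audit_submission(pre_tls_ehlo, post_tls_ehlo, unauth_mail_reply):
    """Return findings; an empty list means auth is required and TLS-protected."""
    pre = parse_ehlo(pre_tls_ehlo)
    post = parse_ehlo(post_tls_ehlo) if post_tls_ehlo else {}
    findings = []
    if "STARTTLS" not in pre:
        findings.append("no-starttls: the session cannot be encrypted")
    if "AUTH" in pre:
        findings.append("cleartext-auth: login is offered before TLS is active")
    if "AUTH" not in pre and "AUTH" not in post:
        findings.append("no-auth: the server never asks who is sending")
    if not unauth_mail_reply.startswith("530"):
        findings.append("unauthenticated-mail-accepted: no credentials needed to send")
    return findings


if __name__ == "__main__":
    print(audit_submission(SUBMISSION_PRE_TLS, SUBMISSION_POST_TLS, SUBMISSION_MAIL_REPLY))
    print(audit_submission(LEGACY_EHLO, None, LEGACY_MAIL_REPLY))
```

The first call returns an empty list; the second reports the three gaps that let any process on the machine send mail without credentials.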