[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Finding a replacement for my ISP's smtp server

On Thu 31 Jul 2014 at 14:43:11 -0400, Jerry Stuckle wrote:

> On 7/31/2014 12:47 PM, Brian wrote:
> > 
> > One would expect the ISP's strategy to factor in the sophistication of
> > malware. which is presumably sophisticated enough to be able to use port
> > 25.
> Which is why many ISPs now block Port 25 from residential users.

The point of my remark was that malware can operate on port 25 so there
is nothing to prevent it operating on port 587. I was actually agreeing
with you when you said "Nothing". 

> >> Not impossible, by any means.  But much harder than just sending over
> >> port 25, which requires none of the above.
> > 
> > The ISP's concern is (or should be) the customers who allow sending of
> > spam "without the knowledge of the users of those computers". These
> > same incompetent customers are now all going to start encrypting the
> > usernames and passwords used for sending email?
> Most MUAs can already encrypt the password (and sometimes the userid) if
> it is saved on the disk.  Thunderbird does this, for instance.  I assume
> Outlook does also, although I haven't checked it.
> I should add the malware would also have to know the MTA the
> userid/password are for.  Again, not impossible by any means - but just
> one more thing the malware has to discover.

I think that once you get to discussing the capabilities of the malware
it acknowledges that port 587 presents no more problems to the malware
than port 25; it simply depends on how good the malware is.  Which, as I
originally queried, brings into question the efficacy of ISPs mandating
its use.

I'll not ask for ISP facts and figures to show how good port 587 is for

Reply to: