Re: Finding a replacement for my ISP's smtp server
On 7/31/2014 3:09 PM, Brian wrote:
> On Thu 31 Jul 2014 at 14:43:11 -0400, Jerry Stuckle wrote:
>
>> On 7/31/2014 12:47 PM, Brian wrote:
>>>
>>> One would expect the ISP's strategy to factor in the sophistication of
>>> malware. which is presumably sophisticated enough to be able to use port
>>> 25.
>>
>> Which is why many ISPs now block Port 25 from residential users.
>
> The point of my remark was that malware can operate on port 25 so there
> is nothing to prevent it operating on port 587. I was actually agreeing
> with you when you said "Nothing".
>
Yes, but Port 587 requires (or at least should require) a login; Port 25
never does for email destined for the domains being served by that MTA.
>>>> Not impossible, by any means. But much harder than just sending over
>>>> port 25, which requires none of the above.
>>>
>>> The ISP's concern is (or should be) the customers who allow sending of
>>> spam "without the knowledge of the users of those computers". These
>>> same incompetent customers are now all going to start encrypting the
>>> usernames and passwords used for sending email?
>>
>> Most MUAs can already encrypt the password (and sometimes the userid) if
>> it is saved on the disk. Thunderbird does this, for instance. I assume
>> Outlook does also, although I haven't checked it.
>>
>> I should add the malware would also have to know the MTA the
>> userid/password are for. Again, not impossible by any means - but just
>> one more thing the malware has to discover.
>
> I think that once you get to discussing the capabilities of the malware
> it acknowledges that port 587 presents no more problems to the malware
> than port 25; it simply depends on how good the malware is. Which, as I
> originally queried, brings into question the efficacy of ISPs mandating
> its use.
>
> I'll not ask for ISP facts and figures to show how good port 587 is for
> them.
>
>
Yes, it does - again, Port 587 requires a login - which adds a huge
layer of complexity to the malware.
Jerry
Reply to: