Re: Finding a replacement for my ISP's smtp server

[Joel Rees <joel.rees@gmail.com>]

On Fri, Aug 1, 2014 at 8:05 AM, Jerry Stuckle <jstuckle@attglobal.net> wrote:
> On 7/31/2014 5:51 PM, Brian wrote:
>> [...]
>> I'm glad we can end this by both of us agreeing that "it simply depends
>> on how good the malware is."
>>
>>
>
> Yes, but the difference here is - sending to port 25 is pretty easy.
> Sending via port 587 is MUCH harder.  Hackers take the easy route; as
> long as Port 25 is available, they will send through it.  If Port 25
> ever should become unavailable to a large percentage of users, they may
> have to take the "hard" route.

Unpacking that a little further, one bad assumption when designing
security systems is that an easy, but possible route is equivalent to
a hard, but possible route.

Malware that fails to cover its tracks has been getting spammers
arrested lately. Covering tracks requires rather complex logic, logic
which can fail. When stuff fails, you have to test it or be willing to
accept the failures.

Testing is also hard work. Failures can result in jail time. And
getting a real job looks more reasonable now.

Sure, switching to port 587 is one of those tactics that helps ISPs
charge ransom money for basic services, but that's a symptom of bad
contract law and intellectual property law more than a symptom of
unsound technical specs.

(And, no, I'm not suggesting there is such a thing as good
intellectual property law.)

-- 
Joel Rees

Be careful where you see conspiracy.
Look first in your own heart.