republican-creole
site Search:


Home Reviews Tools Forums FAQs Find Service ISP News Maps About  
 
    All Forums Hot Topics Gallery






how-to block ads

  
Forums >

Authenticate Us From Evil > Why Auth Won't Work Without Subscriber Level

Search Topic:
 Uniqs:
296		 Share Topic
Post a:
Post a:
AuthorAll Replies

gecho XXX

join:2004-06-02
Muscatine, IA

Why Auth Won't Work Without Subscriber Level

If subscriber 1 gets a virus that sends SPAM, they send it through their server A which authenticates to other servers B, C, etc. and delivers the SPAM to their subscribers because the from is server 1's domain. But which subscriber?

Suppose you block port 25 and subscriber 1 had to authenticate specific from addresses to server A to send. Then only the allowed and authenticated from address could be included. Now you have accountability to the subscriber level where it belongs. If subscriber 1 has a different domain email address they want to use they need to register (authenticate) it with server A or they can't use it. Authenticate does not mean just be server 1,s normal network IP address. It means associate joe@serverA.com to subscriber joe and joe@differnetdomain.com also to subscriber joe so if it is sent through server A it has to have been approved as a real userid allowed through server A and it has to have come from subscriber joe.

Then you insure that server A is a registered mailserver. Non-registered servers can't play. Servers that do not use subscriber auth cannot register. Total subscriber accountability. SPAM would become a thing of the past.
to forum · permalink · 2004-06-18 11:51:13 ·

Goldengamego
Premium
join:2004-02-22
Okemos, MI
1 edit

Most viruses use their own SMTP engine, in which case they don't use your ISP's mail server. If it does use your ISP's mail server then they will spot you quickly and cut off your access.
--
Because Goldengamegod won't fit:p

to forum · permalink · 2004-06-18 12:20:12 ·

gecho XXX

join:2004-06-02
Muscatine, IA

Exactly. But if, as I said, port 25 is blocked they would, and from my logs still do by the way, try to use the ISP mailserver.

So if we just auth mailservers they just rewrite viruses to use the domain server and SPAM still flows, even though now isolated to from within the server domain. Still doesn't address who though, so you need subscriber accounting to finally close and lock the door. Otherwise whole ISPs get shut off which would be like closing down the local post office of origion for someone sending forged illegal paper mail through it. Court battles would ensue and SPAMMERs would be laughing all the way to the bank.

to forum · permalink · 2004-06-18 14:35:33 ·
Forums > Authenticate Us From Evil

Sunday, 27-May 08:55:08 Terms of Use & Privacy | feedback | contact | Hosting by nac.net - DSL,Hosting & Co-lo
over 12.5 years online © 1999-2012 dslreports.com.
Most commented news this week
Hot Topics