Re: [ALL] Wash Post criticizes Cox over email security

stanley_qaz Premium join:2003-03-17 Gilbert, AZ ·HughesNet Satellit.. ·Cox HSI	reply to Radardan Re: [ALL] Wash Post criticizes Cox over email security said by Radardan : said by state : said by stanley_qaz : Too complicated for spammers to easily set something like this up. They're looking for a quick and dirty solution. I think you oopsed the quotes there, looks like that one came from state. Spammers like quick and dirty but considering the big bucks to be made in sending spam they are willing to spend some major money getting the code they need written. Trying to mickey mouse a simple fix isn't going to work long term. However, regardless of the port used the ISP must implement some form of access restriction. Most good ISPs require a user name and password to access their outgoing mail server. This does two things, first a spammer or spam program must find and use your userid and password to send mail through their server, second any message sent can be traced back to the user that sent it directly by account name instead of having to track them back by IP. Since the mail server tracks by userid it is simple to have it drop access for a userid that is spamming and send the user a message telling them why their mail sending was shut down. It could be done by IP but not as cleanly and with worse side effects. Middling good ISPs implement something like POP before SMTP that only lets you send mail within a short window after you check it. That really is a pain in the behind! A Joe job does not need to originate from your ISP, it can be sent from anywhere there is access to an SMTP server. Any security policy that allows the use of Windows to connect to the Internet isn't a "security" policy, its just a policy that gives you a warm fuzzy feeling until you get infested.
	to forum · permalink · · 2007-02-05 22:07:40 ·
Radardan join:2003-08-15 Scottsdale, AZ	reply to state said by state : said by stanley_qaz : Too complicated for spammers to easily set something like this up. They're looking for a quick and dirty solution. I think your analysis may be a little old fashioned meaning "last year". (Hey, I'm an older guy so not casting aspersions on anyone.) I think spammers and other online criminals are much more sophisticated today so a simple change like using an alternate port for SMTP is considered part of "quick and dirty". But to use the default port via Cox is a no-brainer as well. My domain has certainly been "Joe-Jobbed" so as long as Cox sees a real return address (it doesn't have to be on Cox.net) Cox's SMTP will accept it. We all "assume" of course that they have some upper limit of sending email that will get an account flagged for security. FWIW my impression of online criminals this year is that they are very sophisticated and one can no longer judge the validity of software processes or spam based on the poor capitalization or spelling. They hijack known program names just like they hijack my domain as a return address. "Quick and dirty" has morphed into criminal gangs employing man-in-the-middle phishing scams and using known vulnerabilities to install software behind the users back. I've learned first hand by seeing infected Windows boxes that security must be policy with no exceptions like for passwords being transmitted unencrypted.
	to forum · permalink · · 2007-02-05 21:00:33 ·
NormanS Premium,MVM join:2001-02-14 San Jose, CA ·Pacific Bell - SBC	reply to stanley_qaz said by stanley_qaz : osing port 25 means I can't send e-mail via any server other than Cox's unless I can get them to open a port other than 25 for me. I can send email through: smtp.aim.com smtp.aol.com smtp.gmail.com smtp.myrealbox.com I can do that despite an AT&T port 25 block. How? Message Submission ports. Any email service worth using will offer SMTP access through Message Submission ports; typically either port 465, or port 587. No, spammers won't easily abuse those ports. They will need accounts with the providers, and will quickly lose those accounts if they spam through them. -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum
	to forum · permalink · · 2007-02-05 16:48:33 ·
NormanS Premium,MVM join:2001-02-14 San Jose, CA ·Pacific Bell - SBC	reply to robertfl said by robertfl : ISP's can help stop the spam. If they want to and doing things like blocking port 25 isn't the bloody answer. Maybe not, but... Comcast uses selective port 25 blocking. They block customers identified as having abusive port 25 traffic. I see fewer Comcast zombie connections to my mail server than Verizon zombie connections. Verizon has half as many customers as Comcast, but half again as many zombie connections. Verizon does not block port 25 at all. Back when it was still SBC, I got more zombie connections from them than from Comcast; though Comcast had more customers. Then they implemented full port 25 blocking. SBC zombie connections attempts dropped significantly subsequently. Today AT&T (the renamed SBC) connection attempts are significantly lower than Comcast zombie connection attempts (by a factor of 10), even though AT&T now has more customers. No. I guess port 25 blocking isn't all that effective after all........ -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum
	to forum · permalink · · 2007-02-05 16:43:35 ·
state stress magnet Premium,Mod join:2002-02-08 Hampton, VA clubs: Host: Webhosting Sonic.net UK Broadband Washington & Balti.. UK Chat 1 edit	reply to stanley_qaz said by stanley_qaz : Maybe I'm missing something here? No, I don't think so. Your points seem pretty accurate. My response to robertfl was solely addressing the open port 25 issue. said by stanley_qaz : Closing port 25 means I can't send e-mail via any server other than Cox's unless I can get them to open a port other than 25 for me. Correct. In order for a botnet or spammer application to be effective it would need to send mail to the remote MTA on port 25. If the spammers used an alternate port (say 26 for example) they would need a mailserver setup to listen on that port and relay the messages. This would require quite a bit of overhead - updating zombied machines as their SMTP relays were either blocked or taken down, etc. Too complicated for spammers to easily set something like this up. They're looking for a quick and dirty solution. said by stanley_qaz : Cox on the other hand appears to still have their server set up to discard some of my outgoing e-mail without notice coming back to me. I've seen scattered reports about this, but have not experienced it firsthand. said by stanley_qaz : Even while dumping my outgoing mail and refusing to let me use an outside server (without special configuration) Cox does not require authentication to send via their SMTP server allowing some spam to go out over it. Absolutely correct. To relay mail through Cox's SMTP server (from their network of course) there is no authentication required. But again, I'm only addressing the outbound port 25 issue.
	to forum · permalink · · 2007-02-04 23:41:31 ·
stanley_qaz Premium join:2003-03-17 Gilbert, AZ ·HughesNet Satellit.. ·Cox HSI	reply to state Maybe I'm missing something here? Closing port 25 means I can't send e-mail via any server other than Cox's unless I can get them to open a port other than 25 for me. Cox on the other hand appears to still have their server set up to discard some of my outgoing e-mail without notice coming back to me. Even while dumping my outgoing mail and refusing to let me use an outside server (without special configuration) Cox does not require authentication to send via their SMTP server allowing some spam to go out over it. I wouldn't be so unhappy with the situation if Cox would at least make the minimal effort to let me know they decided my mail was undeserving of delivery and that they had trashed it.
	to forum · permalink · · 2007-02-04 23:30:24 ·
state stress magnet Premium,Mod join:2002-02-08 Hampton, VA clubs: Host: Webhosting Sonic.net UK Broadband Washington & Balti.. UK Chat	reply to robertfl said by robertfl : ISP's can help stop the spam. If they want to and doing things like blocking port 25 isn't the bloody answer. I'm going to have to disagree with you there. Blocking port 25 outbound from non-business customer accounts is a huge step in the right direction to stop spam. Millions upon millions of customer computers (not just Cox customers) get infected with trojans/viruses that have the capability to send out unsolicited bulk email. Closing port 25 puts internet service providers in a much better position to monitor and control that sort of traffic since it must flow through their SMTP servers.
	to forum · permalink · · 2007-02-04 23:10:58 ·
robertfl Premium join:2005-10-10 Mary Esther, FL ·Cox VOIP 1 edit	reply to BillRoland Maybe like me you abandoned Cox email long ago due to the SPAM. --- Spam will con't to exist as long as people think HTML looks pretty in e-mails. Spam bots will con't to exist while people's pc's while poeple allow them. ISP's can't work on the problem but they can help by EDUCATING the end user about Windows security. Stop offering such cheap software to protect the end users PCs and offer FREE and MORE reliable software that WORKS better then what ISP's offer. ISP's can help stop the spam. If they want to and doing things like blocking port 25 isn't the bloody answer. I'm not an expert but I have done my reserch and I do talk to people who clean computers for a living who are professionals they gave me (FREE) software that literally saved my PC a few times. Rob
	to forum · permalink · · 2007-02-04 22:30:59 ·


Thursday, 03-Dec 16:36:42	Terms of Use \| Privacy Policy \| Hosting by www.nac.net - DSL,Hosting & Co-lo \| feedback \| contact over 10 years online! © 1999-2009 dslreports.com. page compression OFF