

stanley_qaz

reply to state
Re: [ALL] Wash Post criticizes Cox over email security

Maybe I'm missing something here?

Closing port 25 means I can't send e-mail via any server other than Cox's unless I can get them to open a port other than 25 for me.

Cox on the other hand appears to still have their server set up to discard some of my outgoing e-mail without notice coming back to me.

Even while dumping my outgoing mail and refusing to let me use an outside server (without special configuration) Cox does not require authentication to send via their SMTP server allowing some spam to go out over it.

I wouldn't be so unhappy with the situation if Cox would at least make the minimal effort to let me know they decided my mail was undeserving of delivery and that they had trashed it.


state
said by stanley_qaz:

Maybe I'm missing something here?
No, I don't think so. Your points seem pretty accurate. My response to robertfl was solely addressing the open port 25 issue.

said by stanley_qaz:

Closing port 25 means I can't send e-mail via any server other than Cox's unless I can get them to open a port other than 25 for me.
Correct. In order for a botnet or spammer application to be effective it would need to send mail to the remote MTA on port 25. If the spammers used an alternate port (say 26 for example) they would need a mail server set up to listen on that port and relay the messages. This would require quite a bit of overhead - updating zombied machines as their SMTP relays were either blocked or taken down, etc.

Too complicated for spammers to easily set something like this up. They're looking for a quick and dirty solution.

said by stanley_qaz:

Cox on the other hand appears to still have their server set up to discard some of my outgoing e-mail without notice coming back to me.
I've seen scattered reports about this, but have not experienced it firsthand.

said by stanley_qaz:

Even while dumping my outgoing mail and refusing to let me use an outside server (without special configuration) Cox does not require authentication to send via their SMTP server allowing some spam to go out over it.
Absolutely correct. To relay mail through Cox's SMTP server (from their network of course) there is no authentication required.

But again, I'm only addressing the outbound port 25 issue.

NormanS

reply to stanley_qaz
said by stanley_qaz:

Closing port 25 means I can't send e-mail via any server other than Cox's unless I can get them to open a port other than 25 for me.
I can send email through:

smtp.aim.com
smtp.aol.com
smtp.gmail.com
smtp.myrealbox.com

I can do that despite an AT&T port 25 block. How? Message Submission ports. Any email service worth using will offer SMTP access through Message Submission ports; typically either port 465, or port 587.

No, spammers won't easily abuse those ports. They will need accounts with the providers, and will quickly lose those accounts if they spam through them.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum
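
Added example, not part of the thread: a small audit of captured EHLO replies that checks what the post relies on, namely that a submission service (port 587, or 465 with implicit TLS) demands an account and protects the password. The EHLO transcripts and hostnames are constructed placeholders, and the function names are this example's own.

```python
import re

# Constructed EHLO replies (placeholder hostnames, not real captures).
OPEN_25 = """250-mail.isp.example
250-SIZE 20480000
250 8BITMIME"""
SUBMIT_587 = """250-smtp.provider.example
250-STARTTLS
250 ENHANCEDSTATUSCODES"""
SUBMIT_AFTER_TLS = """250-smtp.provider.example
250-AUTH PLAIN LOGIN
250 ENHANCEDSTATUSCODES"""
LEAKY_587 = """250-smtp.legacy.example
250-AUTH LOGIN PLAIN
250 8BITMIME"""

def parse_ehlo(reply):
    """Turn a multi-line 250 reply into {KEYWORD: [params]}; line 1 is the greeting."""
    caps = {}
    for line in reply.strip().splitlines()[1:]:
        m = re.fullmatch(r"250[- ](\S+)(.*)", line.strip())
        if not m:
            raise ValueError(f"not an EHLO capability line: {line!r}")
        caps[m.group(1).upper()] = m.group(2).upper().split()
    return caps

def audit(ehlo, ehlo_after_starttls=None, implicit_tls=False):
    """Findings for one service; implicit_tls=True means the session began inside TLS (port 465)."""
    pre = parse_ehlo(ehlo)
    post = parse_ehlo(ehlo_after_starttls) if ehlo_after_starttls else {}
    findings = []
    if "AUTH" not in pre and "AUTH" not in post:
        findings.append("no AUTH offered: senders are known by IP address only")
    if not implicit_tls:
        if {"PLAIN", "LOGIN"} & set(pre.get("AUTH", [])):
            findings.append("password AUTH offered before TLS")
        if "STARTTLS" not in pre:
            findings.append("no STARTTLS offered")
    return findings

if __name__ == "__main__":
    for name, args in [("open 25", (OPEN_25,)), ("587", (SUBMIT_587, SUBMIT_AFTER_TLS)),
                       ("legacy 587", (LEAKY_587,))]:
        print(name, audit(*args) or "ok")
```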


Radardan


reply to state
said by state:

said by stanley_qaz:

Too complicated for spammers to easily set something like this up. They're looking for a quick and dirty solution.

I think your analysis may be a little old fashioned meaning "last year". (Hey, I'm an older guy so not casting aspersions on anyone.)

I think spammers and other online criminals are much more sophisticated today so a simple change like using an alternate port for SMTP is considered part of "quick and dirty".

But to use the default port via Cox is a no-brainer as well. My domain has certainly been "Joe-Jobbed" so as long as Cox sees a real return address (it doesn't have to be on Cox.net) Cox's SMTP will accept it. We all "assume" of course that they have some upper limit of sending email that will get an account flagged for security.

FWIW my impression of online criminals this year is that they are very sophisticated and one can no longer judge the validity of software processes or spam based on the poor capitalization or spelling. They hijack known program names just like they hijack my domain as a return address. "Quick and dirty" has morphed into criminal gangs employing man-in-the-middle phishing scams and using known vulnerabilities to install software behind the user's back.

I've learned first hand by seeing infected Windows boxes that security must be policy with no exceptions like for passwords being transmitted unencrypted.


stanley_qaz

said by Radardan:

said by state:

said by stanley_qaz:

Too complicated for spammers to easily set something like this up. They're looking for a quick and dirty solution.

I think you oopsed the quotes there, looks like that one came from state.

Spammers like quick and dirty but considering the big bucks to be made in sending spam they are willing to spend some major money getting the code they need written. Trying to mickey mouse a simple fix isn't going to work long term.

However, regardless of the port used the ISP must implement some form of access restriction. Most good ISPs require a user name and password to access their outgoing mail server. This does two things, first a spammer or spam program must find and use your userid and password to send mail through their server, second any message sent can be traced back to the user that sent it directly by account name instead of having to track them back by IP. Since the mail server tracks by userid it is simple to have it drop access for a userid that is spamming and send the user a message telling them why their mail sending was shut down. It could be done by IP but not as cleanly and with worse side effects.

Middling good ISPs implement something like POP before SMTP that only lets you send mail within a short window after you check it. That really is a pain in the behind!

A Joe job does not need to originate from your ISP, it can be sent from anywhere there is access to an SMTP server.

Any security policy that allows the use of Windows to connect to the Internet isn't a "security" policy, it's just a policy that gives you a warm fuzzy feeling until you get infested.
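
Added example, not part of the thread: the per-userid tracking described in the post above, run over constructed Postfix-style log lines. It suspends an account that exceeds a send rate, produces the notice the user should receive, and shows that unauthenticated mail leaves only an IP address to act on. The threshold, window, log lines and function name are assumptions of this example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed Postfix-style smtpd log lines (not from any real server).
SAMPLE_LOG = """\
2009-11-28T10:00:01 mx postfix/submission/smtpd[911]: A1: client=h1.example[192.0.2.10], sasl_method=PLAIN, sasl_username=alice
2009-11-28T10:00:05 mx postfix/submission/smtpd[912]: B1: client=h2.example[192.0.2.20], sasl_method=PLAIN, sasl_username=bob
2009-11-28T10:00:09 mx postfix/submission/smtpd[912]: B2: client=h2.example[192.0.2.20], sasl_method=PLAIN, sasl_username=bob
2009-11-28T10:00:12 mx postfix/submission/smtpd[914]: B3: client=h3.example[192.0.2.30], sasl_method=PLAIN, sasl_username=bob
2009-11-28T10:00:15 mx postfix/submission/smtpd[914]: B4: client=h3.example[192.0.2.30], sasl_method=PLAIN, sasl_username=bob
2009-11-28T10:00:18 mx postfix/submission/smtpd[914]: B5: client=h3.example[192.0.2.30], sasl_method=PLAIN, sasl_username=bob
2009-11-28T10:00:20 mx postfix/smtpd[913]: C1: client=h4.example[198.51.100.7]
2009-11-28T10:05:00 mx postfix/submission/smtpd[915]: A2: client=h1.example[192.0.2.10], sasl_method=PLAIN, sasl_username=alice
"""

LINE_RE = re.compile(r"^(\S+) \S+ postfix/\S+\[\d+\]: \w+: client=\S+\[([\d.]+)\]"
                     r"(?:, sasl_method=\S+, sasl_username=(\S+))?")

def review(log_text, limit=3, window=timedelta(minutes=1)):
    """Return ({userid: notice}, {ip: count of unauthenticated messages})."""
    recent = defaultdict(deque)     # userid -> send times still inside the window
    suspended = {}                  # userid -> notice text for the account owner
    by_ip_only = defaultdict(int)   # no userid logged: only the IP is known
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, ip, user = datetime.fromisoformat(m.group(1)), m.group(2), m.group(3)
        if user is None:
            by_ip_only[ip] += 1
            continue
        if user in suspended:       # already cut off; nothing more to count
            continue
        q = recent[user]
        q.append(ts)
        while ts - q[0] > window:   # drop sends that fell out of the window
            q.popleft()
        if len(q) > limit:          # counted per account, even across client IPs
            suspended[user] = (f"Sending for {user} was suspended at {ts.isoformat()}: "
                               f"{len(q)} messages within {window}.")
    return suspended, dict(by_ip_only)

if __name__ == "__main__":
    print(review(SAMPLE_LOG))
```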