Re: [ALL] Wash Post criticizes Cox over email security

Author	All Replies
Radardan join:2003-08-15 Scottsdale, AZ	reply to state Re: [ALL] Wash Post criticizes Cox over email security said by state : said by stanley_qaz : Too complicated for spammers to easily set something like this up. They're looking for a quick and dirty solution. I think your analysis may be a little old fashioned meaning "last year". (Hey, I'm an older guy so not casting aspersions on anyone.) I think spammers and other online criminals are much more sophisticated today so a simple change like using an alternate port for SMTP is considered part of "quick and dirty". But to use the default port via Cox is a no-brainer as well. My domain has certainly been "Joe-Jobbed" so as long as Cox sees a real return address (it doesn't have to be on Cox.net) Cox's SMTP will accept it. We all "assume" of course that they have some upper limit of sending email that will get an account flagged for security. FWIW my impression of online criminals this year is that they are very sophisticated and one can no longer judge the validity of software processes or spam based on the poor capitalization or spelling. They hijack known program names just like they hijack my domain as a return address. "Quick and dirty" has morphed into criminal gangs employing man-in-the-middle phishing scams and using known vulnerabilities to install software behind the users back. I've learned first hand by seeing infected Windows boxes that security must be policy with no exceptions like for passwords being transmitted unencrypted.
Radardan join:2003-08-15 Scottsdale, AZ	to forum · permalink · · 2007-02-05 21:00:33 ·
stanley_qaz Premium join:2003-03-17 Gilbert, AZ ·HughesNet Satellit.. ·Cox HSI	said by Radardan : said by state : said by stanley_qaz : Too complicated for spammers to easily set something like this up. They're looking for a quick and dirty solution. I think you oopsed the quotes there, looks like that one came from state. Spammers like quick and dirty but considering the big bucks to be made in sending spam they are willing to spend some major money getting the code they need written. Trying to mickey mouse a simple fix isn't going to work long term. However, regardless of the port used the ISP must implement some form of access restriction. Most good ISPs require a user name and password to access their outgoing mail server. This does two things, first a spammer or spam program must find and use your userid and password to send mail through their server, second any message sent can be traced back to the user that sent it directly by account name instead of having to track them back by IP. Since the mail server tracks by userid it is simple to have it drop access for a userid that is spamming and send the user a message telling them why their mail sending was shut down. It could be done by IP but not as cleanly and with worse side effects. Middling good ISPs implement something like POP before SMTP that only lets you send mail within a short window after you check it. That really is a pain in the behind! A Joe job does not need to originate from your ISP, it can be sent from anywhere there is access to an SMTP server. Any security policy that allows the use of Windows to connect to the Internet isn't a "security" policy, its just a policy that gives you a warm fuzzy feeling until you get infested.
	to forum · permalink · · 2007-02-05 22:07:40 ·


Wednesday, 25-Nov 22:28:59	Terms of Use \| Privacy Policy \| Hosting by www.nac.net - DSL,Hosting & Co-lo \| feedback \| contact over 10 years online! © 1999-2009 dslreports.com. page compression OFF