[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Spam Solution

To: Larry Seltzer <larry@xxxxxxxxxxxxxxxx>
Subject: Re: [Full-Disclosure] Spam Solution
From: Gadi Evron <ge@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Date: Fri, 18 Jun 2004 15:01:01 +0200

SMTP AUTH cracking and using the ISP account? Not that it can't and won't be 
done, but
I'm aware of no actual examples. Could you cite one please?

I was referring to using Trojaned machines and using the user's actual email address. Much like you were, only I was talking of using Outlook.

So if you have enough systems doing it you can send unauthenticated mail 
through servers
that require authentication? Please explain this to me.

See above.

No it doesn't. It's enough that MTAs can choose for a while to treat authenticated and unauthenticated mail differently. And before too long if the major ISPs and major corporations and government adopt the scheme (and there's an excellent chance they will) others will be forced to adopt it in order for their mail to get through reliably. Then one day admins can throw the switch and reject unauthenticated mail.

I hope you are right. I don't think you are, but I hope I am wrong.

I already went through this discussion on several mailing lists.. I think I'll quit now while ahead. :)

Gadi Evron.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- RE: [Full-Disclosure] Spam Solution
  - From: Larry Seltzer

Prev by Date: [Full-Disclosure] Opera Browser version 7.51 Address Bar Spoofing Vulnerability
Next by Date: Re: [Full-Disclosure] USB Auto run function
Previous by thread: RE: [Full-Disclosure] Spam Solution
Next by thread: Re: [Full-Disclosure] Spam Solution
Index(es):
- Date
- Thread