You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by ha...@t-online.de on 2006/08/03 09:10:13 UTC
Re: What changes would you make to stop spam? - United Nations Paper
>>
>>
>> jdow wrote:
>> > From: "Marc Perkel" <ma...@perkel.com>
>> >>
>> >> Magnus Holmgren wrote:
>> >>> On Wednesday 02 August 2006 14:37, Marc Perkel took the opportunity
>> >>> to say:
>> >>>
>> >>>> Why not just eliminate the SMTP protocol for end users and keep
>> >>>> SMTP as
>> >>>> a server to server protocol and have users send theit email to the
>> >>>> server by extending POP/IMAP to send email. It created an
>> >>>> authenticated
>> >>>> connection back to the server where the POP/IMAP server hands it
>> >>>> off to
>> >>>> the SMTP server. That way email clients aren't using the same protocol
>> >>>> as email servers.
>> >>>>
>> >>>
>> >>> Why? It's not, like, that MUAs try to deliver directly to the
>> >>> recipient MX. If all ISPs block port 25 outbound, it doesn't matter
>> >>> what protocol end users use to submit their mail to their local MTA.
>> >>> Otherwise, zombies can still try to connect directly, and you'll
>> >>> have to rely on DUL and other blacklists to figure out which IP
>> >>> addresses belong to end users.
>> >>>
>> >> The zombies wouldn't be able to connect because the zombies wouldn't
>> >> have the IMAP password.
>> >
>> > Marc, if the system has been zombified that means a password guessing
>> > routine is already present. It can track down the email program's
>> > settings and decrypt it, if needed. Or it can simply be intercepted.
>> >
>> > Requiring IMAP requires MUAs be rewritten to handle the special casing
>> > that would be required to have IMAP as the sending tool. Using smtpauth
>> > gives more flexibility in design for ISPs and users.
>> >
>> > {^_^}
>> >
>>
>> So you think that viruses are going to know how to find and decrypt the
>> passwords of all email programs?
>>
>> Nice trick.
>>
Hi,
I believe that a big majority of users uses just one program .... so if malware is able to
work with just that program, there will be still enough paths for spammers to send their
stuff.
It is similar to virus writers to rely on deficiencies in just one browser
Wolfgang Hamann