email spoofing
Alex Neuman
alex at nkpanama.com
Thu Jun 14 03:06:09 IST 2007
Andrew MacLachlan wrote:
>> spam zombies spewing stuff out of your network and getting you
>> blacklisted. Most spam zombies will not authenticate - therefore, the
>> e-mail won't leave your network. This, combined with a firewall policy
>> that only allows port 25 traffic on your own servers can mitigate a
>> spam zombie problem before it begins.
>
> How many spam zombies look for a usable relay so they can deliver their
> wares? If the firewall is configured so that only the proper MTA(s) can
> send out I can't see a problem or a need for SMTP auth on private /
> managed networks...
>
>
Again, spam zombies will try to look for SMTP relays. If they find one
on the local network, they will try to use it. If it won't let them send
stuff through because authentication is needed, then the problem is
mitigated - and you'll have lines on your log that'll let you see where
the problem is.

It also makes roaming users more "transparent" since they can relay by
authenticating from anywhere.

It also gives you an additional line on your headers which can be used
to trace abuse.

The "it's more trouble than it's worth" line is the only point I see
that is really a matter of opinion; otherwise enabling AUTH is a win-win
situation, in my experience.

I don't want this to become a flame war or anything, it's just that this
topic has been covered already (search for Muhamad Nauman's
contributions on the subject), and even ISPs with thousands of users
find it helps a lot.

Maybe I shouldn't have used the term "lazy"; in retrospect I think it
might have hurt someone's feelings. For that I'm sorry. I just find it
an option too easy to implement nowadays, with too much to gain and so
little to lose. I'm responsible, directly or indirectly, for a lot of
people's mail; I only get AUTH-related support calls once or twice a
year, from a pool of a few thousand accounts at a couple of dozen
companies. My clients monitor their logs for rogue machines trying to
send out unauthenticated e-mail from their own networks and will often
spot compromised machines that way. That's the reason why I find it
trivial to implement and immensely beneficial.
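
The log monitoring described in the last paragraph, as an added example that is not part of the original post: it scans MTA log lines for relay attempts refused because the client did not authenticate and reports internal hosts that keep trying. The Postfix-style log format, the `INTERNAL_NETS` ranges, the `min_rejects` threshold and the sample lines are all assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Assumed internal ranges; replace with the networks you actually manage.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]

# Postfix-style relay rejection line (assumed format; adapt the regex to your MTA).
REJECT_RE = re.compile(
    r"reject: RCPT from \S*\[(?P<ip>[0-9a-fA-F.:]+)\]: "
    r"\d{3} [\d.]+ <(?P<rcpt>[^>]*)>: Relay access denied"
)

# Constructed sample log lines, not taken from a real system.
SAMPLE_LOG = """\
Jun 14 03:01:10 mx postfix/smtpd[811]: NOQUEUE: reject: RCPT from unknown[192.168.1.57]: 554 5.7.1 <a@example.org>: Relay access denied; from=<x@example.com> to=<a@example.org> proto=SMTP helo=<pc57>
Jun 14 03:01:11 mx postfix/smtpd[811]: NOQUEUE: reject: RCPT from unknown[192.168.1.57]: 554 5.7.1 <b@example.net>: Relay access denied; from=<y@example.com> to=<b@example.net> proto=SMTP helo=<pc57>
Jun 14 03:01:12 mx postfix/smtpd[812]: NOQUEUE: reject: RCPT from unknown[192.168.1.57]: 554 5.7.1 <c@example.com>: Relay access denied; from=<z@example.com> to=<c@example.com> proto=SMTP helo=<pc57>
Jun 14 03:02:40 mx postfix/smtpd[813]: NOQUEUE: reject: RCPT from unknown[192.168.1.20]: 554 5.7.1 <d@example.org>: Relay access denied; from=<bob@example.com> to=<d@example.org> proto=ESMTP helo=<pc20>
Jun 14 03:03:05 mx postfix/smtpd[814]: NOQUEUE: reject: RCPT from unknown[203.0.113.9]: 554 5.7.1 <e@example.org>: Relay access denied; from=<q@example.net> to=<e@example.org> proto=SMTP helo=<host>
Jun 14 03:04:00 mx postfix/smtpd[815]: 4F2A1C0: client=laptop[192.168.1.33], sasl_method=PLAIN, sasl_username=alice
"""

def is_internal(ip_text):
    """True if ip_text parses as an address inside one of INTERNAL_NETS."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return any(ip in net for net in INTERNAL_NETS)

def suspect_hosts(log_text, min_rejects=3):
    """Map internal IP -> sorted refused recipients, for hosts with >= min_rejects refusals."""
    rejects = defaultdict(list)
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if m and is_internal(m.group("ip")):
            rejects[m.group("ip")].append(m.group("rcpt"))
    return {ip: sorted(set(r)) for ip, r in rejects.items() if len(r) >= min_rejects}

if __name__ == "__main__":
    for ip, rcpts in suspect_hosts(SAMPLE_LOG).items():
        print(f"{ip}: {len(rcpts)} distinct recipients refused, check this machine")
```

A single refusal, as from 192.168.1.20 in the sample, is usually a misconfigured mail client rather than a compromised machine, which is why the threshold defaults to more than one.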