On 26/10/2011 04:35, Blake Hudson wrote:
An infected machine can just as easily send out mail on port 587 as it can using port 25. It's not hard for bot net hearders to come up with a list of valid credentials stolen from email clients, via key loggers, or simply guessed through probability. I see it every day.
The difference is that it is the relay that accepts the spam on 587 that ends up on the blacklists. A mail server with a sysadmin that might care and probably sees business impact in not fixing the problem. As apposed to an end user that doesn't give a hoot. Compromised mail authentication details are quick and easy to take down. A server mis-configured as an open relay on 587 is a one time fix. End users infected with nasties are a support desk blackhole. Hours of time explaining to moms and pops how to download anti-virus and install it and configure it and run it... -- Graham Beneke