By all means, enlighten me. All I see from my limited pov is that bots are useless if disallowed from sending spam via port 25 outbound, and that every day sees hundreds if not thousands, of new bots trying to send spam to my users, which suggests that /nothing is being done to prevent them from using the available resources/. Convince me otherwise, please. I'm all ears.
1. Huge botnets of 25K-200K bots exist, and in vast numbers. They exist now for quite a few years. Only a numbered few are "fighting" them. Some of us have been lecturing on this for years, and being completely ignored. I am glad I had a small part in making this issue known. 2. Only these past few months is this becoming a "buzz". AV companies finally lowered their efforts on hyping 99% similar worms and started talking about drone armies. Currently estimates per botnet are 1K-20K, usually. 8 years ago these numbers might have been current information. 3. They (the zombie program/malware) change and get replaced very often. 4. Each infected machine is part of several such nets, as once a machine is pwned... 5. Blocking port 25 (under whatever restrictions) will stop current worms and Trojan horses from working (sending spam and themselves). Period. Not trying to be a FUSSP, it's just how they work. 6. They (the zombies) could just as easily send out spam using the user's own credentials and real account. It won't be as useful as just sending out whatever they like.. but with the huge amounts of them out there - I don't see it (port 25 blocking) solving the problem as a whole. It would kill off the current strain of malware, though. Gadi Evron.