--On 11 February 2004 19:45 -0500 Sean Donelan <sean@donelan.com> wrote:
The bulk of the abuse (some people estimate 2/3's) is due to compromised computers. The owner of the computer doesn't know it is doing it. Unfortunately, once the computer is compromised any information on that computer is also compromised, including any SMTP authorization information.
SMTP Auth is not the silver bullet to solve the spam problem. ... Right now SMTP AUTH is a bit more useful because the mailer can directly identify the compromised subscriber. But I expect this to also be short-lived. Eventually the compromised computers will start passing authentication information.
Sure it's not a silver bullet. I think we ran out of silver bullets years ago. But it gives you a lot more useful information that the IP address (not much use with NAT etc.). As someone spake earlier who appeared to have actually done it, you can then rate-limit by individual users, disable individual users etc. - that's *far* harder on non-authenticated dynamic SMTP. Once someone has comprimised a machine & stolen authentication tokens you are (arguably) fighting a different battle anyway. A comprimised machine could HTTP post spam to hotmail/yahoo etc. if it wanted to - the problem is then protocol independent. My original point was that port 25 blocking by ISPs does not stop mobile users using SMTP AUTH, and the reasons for ISPs blocking port 25 are not likely to be extended to smtps / submission. Not that the latter two protocols would solve all spam tomorrow. Alex