On Thu 31 Jul 2014 at 14:43:11 -0400, Jerry Stuckle wrote: > On 7/31/2014 12:47 PM, Brian wrote: > > > > One would expect the ISP's strategy to factor in the sophistication of > > malware. which is presumably sophisticated enough to be able to use port > > 25. > > Which is why many ISPs now block Port 25 from residential users.
The point of my remark was that malware can operate on port 25 so there is nothing to prevent it operating on port 587. I was actually agreeing with you when you said "Nothing". > >> Not impossible, by any means. But much harder than just sending over > >> port 25, which requires none of the above. > > > > The ISP's concern is (or should be) the customers who allow sending of > > spam "without the knowledge of the users of those computers". These > > same incompetent customers are now all going to start encrypting the > > usernames and passwords used for sending email? > > Most MUAs can already encrypt the password (and sometimes the userid) if > it is saved on the disk. Thunderbird does this, for instance. I assume > Outlook does also, although I haven't checked it. > > I should add the malware would also have to know the MTA the > userid/password are for. Again, not impossible by any means - but just > one more thing the malware has to discover. I think that once you get to discussing the capabilities of the malware it acknowledges that port 587 presents no more problems to the malware than port 25; it simply depends on how good the malware is. Which, as I originally queried, brings into question the efficacy of ISPs mandating its use. I'll not ask for ISP facts and figures to show how good port 587 is for them. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140731190943.gl19...@copernicus.demon.co.uk
