On 7/31/2014 5:51 PM, Brian wrote: > On Thu 31 Jul 2014 at 15:34:46 -0400, Jerry Stuckle wrote: > >> On 7/31/2014 3:09 PM, Brian wrote: >>> >>> The point of my remark was that malware can operate on port 25 so there >>> is nothing to prevent it operating on port 587. I was actually agreeing >>> with you when you said "Nothing". >> >> Yes, but Port 587 requires (or at least should require) a login; Port 25 >> never does for email destined for the domains being served by that MTA. > > I feel this is a repetition of a technical point we both agree on. >
But the difference in requiring a login on Port 587 is a very important difference. One you seem to be ignoring. >>> I think that once you get to discussing the capabilities of the malware >>> it acknowledges that port 587 presents no more problems to the malware >>> than port 25; it simply depends on how good the malware is. Which, as I >>> originally queried, brings into question the efficacy of ISPs mandating >>> its use. >>> >>> I'll not ask for ISP facts and figures to show how good port 587 is for >>> them. >> >> Yes, it does - again, Port 587 requires a login - which adds a huge >> layer of complexity to the malware. > > I'm glad we can end this by both of us agreeing that "it simply depends > on how good the malware is." > > Yes, but the difference here is - sending to port 25 is pretty easy. Sending via port 587 is MUCH harder. Hackers take the easy route; as long as Port 25 is available, they will send through it. If Port 25 ever should become unavailable to a large percentage of users, they may have to take the "hard" route. Jerry -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/53dacbc1.2070...@attglobal.net
