J wrote the following on 10/25/2011 9:25 PM:
Blake Hudson wrote:
If
587 becomes popular, spammers will move on and the same ISPs that
blocked 25 will follow suit.
I don't see this happening as easily. Authenticated means an easier
shutdown of an account, rather than some form of port block/etc.
An infected machine can just as easily send out mail on port 587 as it
can using port 25. It's not hard for bot net hearders to come up with a
list of valid credentials stolen from email clients, via key loggers, or
simply guessed through probability. I see it every day.
I will shutdown a compromised account on my end, but that doesn't stop
ATT's infected subscriber from spamming 100 other servers using 100
other stolen credentials. I may also send an abuse report to ATT if they
have an infected machine trying to perform a dictionary attack or brute
force logins against my port 587 SMTP server. ATT's going to deal with
the abuse reports as cheaply as possible. If they receive enough, I have
no doubt they'll repeat past mistakes.
