On Wed, 2 Aug 2006, Marc Perkel wrote: > The zombies wouldn't be able to connect because the zombies wouldn't > have the IMAP password.
I think you're too optimistic about that. "remember my password" is a feature of most every email client, and the encryption key (assuming the password is even encrypted) has to be stored somewhere on the system otherwise the app would be asking the user for it. I think it's safe to assume the only way the zombie wouldn't have access to the user's password is if the user didn't choose or the email client application didn't provide the "remember my password" option. In what percentage of clients is that likely to be the case? > >> I think part of the problem is that the receiving SMTP server can't tell > >> if email is coming from another SMTP server or a virus infected spam > >> zombie. > > If you use IMAP for your outgoing email from the client you no > longer need port 25 except for server to server transfers. How is this functionally different from the ISP blocking SMTP to the rest of the Internet and requiring SMTP AUTH to their own servers (apart from requiring changes to the IMAP protocol, the servers and the clients)? How is it enough of an improvement over SMTP AUTH to justify and make attractive the work needed to implement and distribute the changes? > The only outgoing path is the IMAP connection which requires > authentication. Zombies wouldn't have the password and wouldn't > have access to any way to send email. See above. -- John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/ [EMAIL PROTECTED] FALaholic #11174 pgpk -a [EMAIL PROTECTED] key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 ----------------------------------------------------------------------- The problem is when people look at Yahoo, slashdot, or groklaw and jump from obvious and correct observations like "Oh my God, this place is teeming with utter morons" to incorrect conclusions like "there's nothing of value here". -- Al Petrofsky, in Y! SCOX -----------------------------------------------------------------------
