[Mimedefang] ZDnet article on new Zombie Trick

Paul Murphy pmurphy at ionixpharma.com
Thu Feb 3 11:30:03 EST 2005


Ben wrote:

> I would think ISPs would want a greylisting filter on their 
> inbound-outbound ports...

If the spam is coming from their legitimate customers, and is indistinguishable
from normal mail, this will add nothing and annoy their customers, especially
when those using Outlook Express (i.e. most of them) see what looks like a
server error.

On the other hand, applying quotas on outbound mail will make a big difference,
especially if the quota system is rate-based rather than volume-based, so for
example sending out 1000 messages per day from a home system might be OK if they
are at the rate of 100 per hour for 10 hours, but not OK if they are all seen in
a single hour.

> I do know SBC now blocks port 25 from dynamic DSL customers. With the trojan 
> mentioned, however, that won't matter much.

And in any case, how long will it be before the trojan stuffs keypresses or VB
script into Windows to start Outlook or Outlook Express in a hidden window if it
finds it, and then plug away sending messages with the correct client settings,
including client authentication?

> I have to implement greylisting one of these days... (sigh) Maybe this weekend
> is the day.

Since any SPAM generated through this will be coming via ISP mail servers, which
are guaranteed to try again as they are legitimate mailers rather than bulk
sending programs, greylisting will make no difference.  The ISPs will of course
see a massive increase in e-mail volumes, but a quota system would soon sort
this out.

Best Wishes,

Paul.
__________________________________________________
Paul Murphy
Head of Informatics
Ionix Pharmaceuticals Ltd
418 Science Park, Cambridge, CB4 0PA

Tel. 01223 433741
Fax. 01223 433788
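
The rate-based versus volume-based quota distinction from the message above, as an added example (not part of the original post and not MIMEDefang code): a per-sender sliding-window counter, using the 100 per hour and 1000 per day figures from the message's illustration. The class and function names, the sender address and the traffic timestamps are constructed for this sketch.

```python
from collections import defaultdict, deque

HOUR = 3600
DAY = 24 * HOUR

class OutboundQuota:
    """Per-sender sliding-window limits on accepted outbound messages."""

    def __init__(self, per_hour=None, per_day=None):
        # Each limit is (window_seconds, max_messages); None disables it.
        pairs = ((HOUR, per_hour), (DAY, per_day))
        self.limits = [(w, n) for w, n in pairs if n is not None]
        self.longest = max(w for w, _ in self.limits)
        self.sent = defaultdict(deque)  # sender -> accepted timestamps

    def allow(self, sender, now):
        q = self.sent[sender]
        # Forget messages older than the longest window we enforce.
        while q and q[0] <= now - self.longest:
            q.popleft()
        for window, limit in self.limits:
            recent = sum(1 for t in q if t > now - window)
            if recent >= limit:
                return False  # a mail server would tempfail (4xx) here
        q.append(now)
        return True

def simulate(quota, send_times, sender="customer@isp.example"):
    """Return (accepted, refused) for one sender's submission times."""
    accepted = sum(quota.allow(sender, t) for t in send_times)
    return accepted, len(send_times) - accepted

# Constructed traffic, 1000 messages each (times in seconds):
STEADY = [i * 36 for i in range(1000)]  # 100 per hour for 10 hours
BURST = [i * 3 for i in range(1000)]    # all seen within a single hour

def compare():
    """Run both traffic shapes through a volume-only and a rate quota."""
    return {
        "volume/steady": simulate(OutboundQuota(per_day=1000), STEADY),
        "volume/burst": simulate(OutboundQuota(per_day=1000), BURST),
        "rate/steady": simulate(OutboundQuota(100, 1000), STEADY),
        "rate/burst": simulate(OutboundQuota(100, 1000), BURST),
    }

if __name__ == "__main__":
    for name, (ok, refused) in compare().items():
        print(f"{name:14s} accepted={ok:4d} refused={refused:4d}")
```

The volume-only quota accepts both traffic shapes in full, while the rate quota passes the steady sender untouched and cuts the burst off after its first 100 messages.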




