Is the end of SMTP-AUTH near?

When securing a mail server against relaying, SMTP-AUTH is a commonly used way to let authorized users outside the server's network still send mail through it. This lets web hosts and ISPs provide an SMTP server for their remote or travelling users, secured by username and password.
Lately, there have been reports of servers (especially Exchange) being used as relays even though they were secured. The compromise appears to come through weak passwords: the spammer tries common default and/or simple username/password combinations in order to send mail as an authorized user.
Disabling default accounts should be part of any server hardening. But what about end users with weak passwords? Many email servers have no facility to enforce strong passwords, and where one exists it is typically disabled because of the support headaches it causes. Are we finally getting to the point where you will have to relay your mail through the ISP you connect through?
Oh, and does anyone still doubt spammers are criminals?
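
As an added example (not part of the original post, and not any mail server's own tooling), the following Python flags clients that fail SMTP-AUTH for several different usernames and reports any account they then log in to, which is the account to reset. The log format, the sample lines and the `min_users` threshold are constructed assumptions; real server logs need their own parser.

```python
from collections import defaultdict

# Constructed sample log in a hypothetical, simplified format (assumption):
# "<timestamp> <client ip> <username> <OK|FAIL>", in chronological order.
SAMPLE_LOG = """\
2024-05-01T02:10:01 203.0.113.7 admin FAIL
2024-05-01T02:10:03 203.0.113.7 test FAIL
2024-05-01T02:10:05 203.0.113.7 info FAIL
2024-05-01T02:10:08 203.0.113.7 sales FAIL
2024-05-01T02:10:11 203.0.113.7 backup OK
2024-05-01T08:30:00 198.51.100.20 alice FAIL
2024-05-01T08:30:15 198.51.100.20 alice OK
2024-05-01T09:00:00 192.0.2.44 bob OK
"""


def parse(log_text):
    """Yield (ip, username, success) for each well-formed line."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] not in ("OK", "FAIL"):
            continue  # skip malformed lines rather than guessing
        yield parts[1], parts[2].lower(), parts[3] == "OK"


def find_guessing(log_text, min_users=3):
    """Report clients whose failures span >= min_users distinct usernames.

    A user mistyping their own password fails for one username; a client
    cycling through default account names fails for many.
    """
    failed = defaultdict(set)          # ip -> usernames that failed
    later_logins = defaultdict(list)   # ip -> accounts opened after guessing
    for ip, user, ok in parse(log_text):
        if not ok:
            failed[ip].add(user)
        elif len(failed[ip]) >= min_users:
            later_logins[ip].append(user)
    return {
        ip: {"failed_users": sorted(users),
             "likely_compromised": later_logins.get(ip, [])}
        for ip, users in failed.items() if len(users) >= min_users
    }


if __name__ == "__main__":
    for ip, info in find_guessing(SAMPLE_LOG).items():
        print(ip, info)
```
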
