Randall A Sindlinger on 26 Aug 2009 13:45:35 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Verizon blocking port 25

On Wed, Aug 26, 2009 at 03:48:41PM -0400, jeff wrote:
> Greg Helledy wrote:
> > need to use port 587 when on the Verizon network and 25 elsewhere.  What 
> > exactly is Verizon achieving by doing this
> annoying the most people possible.
> That is apparently its own reward.

It might be annoying, but that's not the goal.  By far, most people connect
to port 25 *un*encrypted. (I know all of you manually configured your email 
clients to use StartTLS or SSL, though, right?)

As far as packet sniffing goes, port 25 is the best place to pick up people's
usernames and passwords, since its default mode is cleartext.  Once someone
has that, at best they can send _authenticated_ spam using that account.
Or worse, they can start trying that username/pw on every banking, social
networking, and shopping site they can find, and, well, try *that* for 

Quite frankly, I think Verizon is behind the curve on this.  Anybody that has
thought much about security has mostly already done this, afaik.


Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug