Thursday, June 16, 2005

hijacking smtp traffic

This week, I have been using the free WiFi service offered by the hotel I have been staying at.  I noticed that they do something that T-Mobile does.  Any time that you attempt to send mail, they redirect that connection to their server.  Since I have my mail client configured to use authentication, I get a message stating that the server does not allow authentication.

If I was not setup to authenticate my outgoing mail, it would silently go to their servers.  I have a few problems with this:

  1. They didn't inform me that they were going to do this.

  2. They could potentially store my message on their server

  3. They could also get my username, password and mail server that I use for sending mail.  So now someone could send spam using my authentication information.

I understand their desire to not allow spam to be sent through their access point, but I think that a better solution would be to block all access to this port.  If they were to do this, people would be required to use a webmail service, smtps (smtp over ssl), or tunneling though ssh or vpn.

No comments:

Post a Comment

Unlocking Raspberry Pi Potential: Navigating Network Booting Challenges for Enhanced Performance and Reliability

I've set up several Raspberry Pis around our house for various projects, but one recurring challenge is the potential for SD card failur...