According to the SpamHaus Project–a U.K.-based antispam compiler of blacklists that block 8 billion messages a day–a new piece of malicious software has been created that takes over a PC. This “zombie” computer is then used to send spam via the mail server of that PC’s Internet service provider. This means the junk mail appears to come from the ISP, making it very hard for an antispam blacklist to block it.
Zombie trick expected to send spam sky-high | CNET News.com
I was afraid something like this was going to happen.
Looks like authenticated mail relaying is going to be mandatory, even inside a network.
The only IP address that will be legitimate for unauthenticated relaying is 127.0.0.1 (localhost) and the mail servers own addresses.
I have been wondering why they haven’t done this. This would make the most sense. The only thing, is many people are switching to Thunderbird, so then the virus would have to know about Outlook/Outlook Express and Thunderbird in order to fully work.