[TriLUG] Another seal broken... thinking of installing a C/R
magnus at trilug.org
Sat Jan 27 22:38:20 EST 2007
jonc at nc.rr.com wrote:
> We really need to press for smtp-auth to become the standard of the
> 21st century.
How will that fix anything? This only fixes mail within the confines of
a domain but inter-domain mail wouldn't be protected by this at all.
> SMTP-AUTH provides an access control mechanism. It can be used to
> allow legitimate users to relay mail while denying relay service to
> unauthorized users, such as spammers. It does not guarantee the
> authenticity of either the SMTP envelope sender or the RFC 2822
> "From:" header. For example, spoofing, in which one sender
> masquerades as someone else, is possible even with SMTP-AUTH.
> The SMTP-AUTH extension also allows one mail server to indicate to
> another that the sender has been authenticated when relaying mail. In
> general this requires the recipient server to trust the sending
> server, meaning this aspect of SMTP-AUTH is rarely used in the
> Internet. The recipient of an e-mail message cannot tell whether the
> sender was authenticated, so use of SMTP-AUTH is only a very partial
> solution to the problem of spam.
More information about the TriLUG