[TriLUG] Another seal broken... thinking of installing a C/R anti-spam system

Magnus magnus at trilug.org
Sat Jan 27 22:38:20 EST 2007


jonc at nc.rr.com wrote:
> We really need to press for smtp-auth to become the standard of the
> 21st century.

How will that fix anything?  This only fixes mail within the confines of
a domain but inter-domain mail wouldn't be protected by this at all.

http://en.wikipedia.org/wiki/SMTP-AUTH says:
> SMTP-AUTH provides an access control mechanism. It can be used to
> allow legitimate users to relay mail while denying relay service to
> unauthorized users, such as spammers. It does not guarantee the
> authenticity of either the SMTP envelope sender or the RFC 2822
> "From:" header. For example, spoofing, in which one sender
> masquerades as someone else, is possible even with SMTP-AUTH.
> 
> The SMTP-AUTH extension also allows one mail server to indicate to
> another that the sender has been authenticated when relaying mail. In
> general this requires the recipient server to trust the sending
> server, meaning this aspect of SMTP-AUTH is rarely used in the
> Internet. The recipient of an e-mail message cannot tell whether the
> sender was authenticated, so use of SMTP-AUTH is only a very partial
> solution to the problem of spam.





More information about the TriLUG mailing list