At 10:08 13/05/2002 +0100, Philip Hazel wrote:
On Sat, 11 May 2002, Paul Smith wrote:
> The difficult bits, at the moment, are: (1) knowing that the message has
> come from a server authorized to transfer mail on behalf of hotmail.com,
> and (2) if it's gone through multi-hop servers, checking that it's not been
> faked in that part of the process.
Don't forget about forwarding. Case (2) arises when a user arranges
for her "home" MTA to forward mail somewhere else, either permanently or
temporarily.
In that case, it depends whether the 'home' MTA would change the MAIL FROM
in the envelope to be someone at the home MTA's domain or leave it as the
original MAIL FROM address. (It can often be a bad idea to leave it as the
original MAIL FROM address because bounces can be very confusing then...)
If the envelope is changed to be someone at the home MTA's domain, then
this type of checking won't be any different from a mail sent directly from
the home MTA.
Paul VPOP3 - Internet Email Server/Gateway
paul(_at_)pscs(_dot_)co(_dot_)uk http://www.pscs.co.uk/