"Roger B.A. Klorese" <rogerk(_at_)queernet(_dot_)org> wrote:
If I'm at an airport lounge kiosk and I send email, it can either
admit that it came from airportloungekiosk.wherever, or I can connect
to Panix and send mail from there. Otherwise, if _I_ can send mail
claiming to be from <sethb(_at_)panix(_dot_)com> from the kiosk, so could
you (or
a spammer), and I don't want that.
Um, why?
If I authenticate to Panix.com, you should trust that I'm sending legit mail
through you, whatever domain I'm using to send it, or you should revoke my
ability to authenticate.
I'm a user here, not speaking for Panix.
I meant if I can send email to a random recipient (e.g. hotmail)
claiming to be <sethb(_at_)panix(_dot_)com> but I don't authenticate myself to
Panix in the process, then you can do the same. (There's no way for
me to authenticate to hotmail, because they don't know anything about
me.)
If I authenticate myself to Panix, then I can either send email
through them (in which case SPF works fine, Panix's outbound
mailservers are listed) or I can persuade them to temporarily list the
IP I'm using (if their software works that way) so hotmail will
believe me.
Seth
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg