ietf-asrg
[Top] [All Lists]

Re: [Asrg] Re: "worm spam" and SPF

2004-12-04 03:22:41


SMTP AUTH is a simple and effective way.

SMTP AUTH works only between parties which know each other. I can use
SMTP AUTH to authenticate myself against our SMTP server. But when our
SMTP server forwards the mail to the target MX, it cannot use SMTP auth
to prove that it is authorized to send mail on my behalf. To the target
MX, our SMTP server is indistinguishable from some zombie sending spam
with my address. SPF, MTAmark etc. try to fix that by marking "official"
SMTP servers. Blocking port 25 outbound on dynamic ranges would
be
accomplish about the same thing (only in a more drastic and effective
way).

I meant SMTP AUTH for Sender only no the target SMTP server. It was
from the user point of view. And yes SPFand other techniques do help in MTA
to MTA transaction.

Again, you're ignoring things like discussion group/mailing lists,
message digests, and so forth.  Anybody who makes the mistake of
supporting SPF later finds that they can't send mail using their
business E-mail address when they are (say) on a cruise ship
vacation or at an Internet cafe in some other country.


mobileSender(_at_)myDomain--AUTH--> myDomain SMTP--SPF,MTAMark etc---target SMTP
|__________________________________________|

Regards,
@

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg