On Fri, 10 Dec 2004 13:58:30 -0500, John Leslie wrote:
Yes, I think this should be part of any implementation: that localhost
is implied without being present in the list of IP addresses.
I'm not sure how the following scenario works out, but it strikes me as
possibly making a security hole:
I am a simple user on an old-fashioned time-sharing machine. I run a spamming
smtp client on a machine run by a credible service that has a good reputation.
Does not the above convention let me spam my own host?
d/
--
Dave Crocker
Brandenburg InternetWorking
+1.408.246.8253
dcrocker a t ...
www.brandenburg.com