On Fri, 10 Dec 2004 16:28:17 -0500, John Leslie wrote:
> I am a simple user on an old-fashioned time-sharing machine. I run a
> spamming smtp client on a machine run by a credible service that has
> a good reputation.
>
> Does not the above convention let me spam my own host?
Probably it does -- I hadn't though through it that far...
But what's the problem?
The sending SMTP client is localhost, meaning it's something under
your own control. (I would hope your machine has a good reputation...)
Look back over my description. i'm just a user. it's not my machine.
and i could imagine that it is also a way to get the machine to do open
relaying of the spam to elsewhere. (i'm stretching a bit, here, but suspect
it's feasible.)
But, to tell truth, I think it's far easier to deal with that by
blocking localhost access to port 25...
Does anything about this belong in Best Practices?
Simpler solution: Don't build defaults into the spec, and especially no
default host id's or addresses.
d/
--
Dave Crocker
Brandenburg InternetWorking
+1.408.246.8253
dcrocker a t ...
www.brandenburg.com