On Mon, 10 Jan 2005 Matthew(_dot_)van(_dot_)Eerde(_at_)hbinc(_dot_)com wrote:
From: Dean Anderson [mailto:dean(_at_)av8(_dot_)com]
On Sun, 9 Jan 2005 terry(_at_)ashtonwoodshomes(_dot_)com wrote:
Agreed, but near sighted. If the sending MTA had done some
sort of validation to ensure the message
was not forged when it accepted it, then we wouldn't have a
blowback problem. You cannot blame
subsequent MTA's in the path for detecting and rejecting
bad email when its something the first hop
MTA could (and should) have done in the first place!
And just what sort of validation would that be?
Authentication (SMTP AUTH, POP-before-SMTP, etc.), restriction to
trusted IP addresses, etc. Basically the sending server is responsible
for authorizing its own use, via whatever method is most appropriate.
None of the things you listed indicate prevent forgery. Server
authorization is not related to forgery. As I pointed out, Closed relays
are "authorized", but one can still forge emails. SMTP AUTH and
Pop-before-SMTP don't prevent forgery, either.
As I already pointed you, you keep forgetting that every abuser is
someone's customer, and so has access to relay facilities. Those
facilities cannot prevent forgery.
--
Av8 Internet Prepared to pay a premium for better service?
www.av8.net faster, more reliable, better service
617 344 9000