I got a message from ftpmail(_at_)gamers(_dot_)org just now, saying that "my
request" was syntactically invalid. Here's the headers of "my
request".
...
Do spammers do this all the time - using other people's real, valid
addresses?
You've been lucky; spammers have been doing this sort of thing for years.
Has there been any progress on SMTP authentication drafts?
There has been tremendous progess, both in terms of developing secure
message formats as well as SMTP authentication services.
Both the S/MIME and PGP groups met at the Chicago IETF and both groups are
nearing completion of their work. See
http://www.ietf.org/html.charters/wg-dir.html for information on and the status
of these groups.
There was an informal meeting at the Chicago IETF to discuss the SMTP AUTH
draft. But this is not the right list for such discussions; the right list is
the ietf-sasl list hosted, I believe, by imc.org.
Last I saw was a kind of nice server-/gateway-based thing by Donald Eastman.
I suspect you are referring to MUSE, which was written by Donald Eastlake.
AFAIK MUSE is dead. There is, however, a gateway security draft I've written
that is similar and which was discussed at the MailRev BOF at the last IETF. A
new version of the draft should be out soon and it will then be last called:
draft-freed-gatesec-03.txt.
Is it (or anything else) moving towards production use?
Both S/MIME and PGP have been in production use for some time now. However,
unless and until use of such services is nearly universal they won't
offer much hope of solving the spam problem.
SMTP AUTH is certainly useful as a part of some relay blocking setups. We're
now seeing rapid deployment of this in both clients and servers, although there
is still some standards work to be done here. And while this service
can in some local setups prevent certain kinds of forgeries, it is again
no solution to the general spam or forgery problem.
Ned