Re: MyDoom, Sorbig - Actions taken?

2004-02-05 17:01:14

Dan Wing wrote:

> It's possible, and reasonable, for an SMTP server that accepts
> mail submission to require a username/password and apply policy
> based on that username/password.  This is available today with the
> AUTH extension to SMTP.

Yep. This message is an example.

> Of course today nearly all SMTP servers that accept mail
> submission merely validate the legitimacy of the sender based
> on the sender being in the ISP's (or enterprise's) IP address

That wouldn't work for this message; it's hitting my ISP's outbound
SMTP server from a different address space.  This machine being a
laptop, that is frequently the case.

> In either case, though, the SMTP server that accepts mail submission
> can fairly trivially validate the MAIL FROM address, and even the
> From: address, based on the IP address (or username/password) of
> the user.

Not necessarily; an email address and IP address are not always
related.  A shared secret is another matter.

> For example, all business mail egressing Cisco's network
> should have a MAIL FROM with,

Please don't misinterpret the intent of the following question; I'm
just checking to see how unusual Cisco really is.  Does Cisco
provide any sort of network access for visitors (consultants,
suppliers, major customers, etc.)?  If so, does Cisco require such
visitors to use in MAIL FROM of outbound email (which
may be headed for a non-Cisco SMTP server)?