At 01:39 -0400 on 04/17/2005, John P Baker wrote about Re:
Anti-Spoofing Technology:
I had not yet looked at RFC 2822, but I have now pulled a copy and I am
taking a look at it.
What I am really thinking about is the mailbox designated by the "From:"
header.
I know that when a message is being transmitted between servers, it is
really far too late to make any determination as to the validity of the
"From:" header.
However, it seems to me that when a message first enters the mail system
(i.e., an ISP SMTP server receives a message from a client of that ISP),
validation of the return address could be required. Specifically, the
"From" mailbox specified in the message header could, pursuant to an SMTP
extension, be validated against a list of mailboxes allocated by the ISP to
the client with whom the SMTP server is in session.
Does not fly when the ISP (ie: ISP1) blocks Outgoing Port 25 and thus
forces all mail to go though their servers and you're trying to send
mail using an ISP2 (who only runs their MSA [Email Injection] on
Port25) From Address. The result in this case is that you can not
route your ISP2 mail though an ISP2 SMTP Server and the ISP1 (ie:
Current Connectivity Provider) Server rejects the From since it is an
ISP2 Mailbox not an ISP1 one.
There may already be something in the RFCs that I have yet to find.
I am just beginning my research into this.
John P Baker
Software Engineer