At 15:15 +0100 on 06/25/2005, Willemien wrote about Re: Re: Re
Anonymous Final Destination and mail submission:
> Since authorization is not required for final destination transactions, it
is anonymous in the sense that you are not required to perform any kind of
sender "checking" or "validation" to accept the transaction for a local
final destination message. You don't know if MAIL FROM is good or bad
until it is required to be used like in a bounce which will be too late in
regards to the spam spoofing problem, and for the growing eVirus problems
the worst mode of operation you can be in.
That's what I meant
If you do not know if the MAIL FROM is good or bad do not use it.
If you are "final destination" (ie: Are an SMTP Server acting as a
MTA due to being pointed to by a MX) you have to assume that the MTA
that is relaying the message to you for delivery has verified that
Mail From so you HAVE TO assume that it is valid/usable.