On Fri, Feb 20, 2004 at 03:09:56PM +0000, Brian Candler wrote:
On Fri, Feb 20, 2004 at 09:36:11AM -0500, David Brodbeck wrote:
Remember that almost all Internet mail has already been through one relay:
namely the smarthost at the sender's ISP. So giving a 550 response to a mail
with a forged sender doesn't help anyone much, because the smarthost is then
responsible for delivering the bounce, which it cannot.
If this becomes a problem, maybe the ISP's smarthost shouldn't be
accepting mail that doesn't appear to come from an email account provided
by the ISP.
Perhaps; if ISPs did this, and blocked port 25 to force traffic through
smarthosts, there would be no need for SPF. You could also make a strong
case that all ISP users should authenticate using SMTP AUTH, so that you can
validate exactly who the user is.
Indeed. And the MTA could use SPF to check it's allowed to send on behalf of,
say, pobox.com.
Last but not least: The problem shifts from where it currently is visible
(one of the receiver's MXes) to where it belongs (the originating MTA).
Currently most ISPs don't feel they have to be responsible for their users.
When that changes we've won.
cheers,
Alex
--
begin sig
http://www.googlism.com/index.htm?ism=alex+van+den+bogaerdt&type=1
This message was produced without any <iframe tags
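
The submission-time check discussed in this thread (refuse the mail at the originating smarthost instead of accepting it and owing a bounce later), as an added example that is not part of any poster's message. The domains, addresses, account table and SPF records are constructed, the SPF evaluator handles only the `ip4`, `ip6` and `all` mechanisms, and rejecting a domain that publishes no SPF record is this example's own strict policy choice.

```python
import ipaddress

# Constructed sample data (assumptions for this example, not from the thread).
ISP_DOMAIN = "isp.example"
SMARTHOST_IP = "192.0.2.25"                   # smarthost's outbound address
ACCOUNTS = {"dave": {"dave@isp.example"}}     # SMTP AUTH user -> own addresses
SPF_RECORDS = {                               # stands in for DNS TXT lookups
    "forwarder.example": "v=spf1 ip4:192.0.2.0/24 -all",
    "bank.example": "v=spf1 ip4:198.51.100.0/24 -all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_result(record, ip):
    """Evaluate the ip4/ip6/all mechanisms of one SPF record for ip."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in terms[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        mech = term.lstrip("+-~?").lower()
        if mech == "all":
            matched = True
        elif mech.startswith(("ip4:", "ip6:")):
            net = ipaddress.ip_network(mech[4:], strict=False)
            matched = addr.version == net.version and addr in net
        else:
            return "permerror"    # a, mx, include, ... need DNS: not handled here
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"

def check_submission(auth_user, mail_from, outbound_ip=SMARTHOST_IP):
    """Return (SMTP code, reason) for a MAIL FROM offered to the smarthost."""
    if auth_user not in ACCOUNTS:
        return 530, "authentication required"
    domain = mail_from.rpartition("@")[2].lower()
    if domain == ISP_DOMAIN:
        # The ISP's own addresses must belong to the authenticated account.
        if mail_from.lower() in ACCOUNTS[auth_user]:
            return 250, "sender belongs to authenticated account"
        return 550, "sender address not owned by this account"
    # Foreign domain: may this smarthost send on its behalf at all?
    record = SPF_RECORDS.get(domain)
    result = spf_result(record, outbound_ip) if record else "none"
    if result == "pass":
        return 250, "SPF authorizes this smarthost for " + domain
    return 550, "smarthost not authorized for %s (SPF %s)" % (domain, result)
```

Because the refusal happens while the submitting client is still connected, the error goes straight back to the user and no bounce to a forged address is ever generated.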