On Sat, 26 Jun 2004 20:37:03 -0500, Seth Goodman wrote
You are absolutely, unarguably correct on this point. Permitting
users to forge any address once they validate themselves to the MSA
is a lazy, brain-dead and improper way to operate an MSA. The most
charitable excuse is that it is a convenience for users who don't
have SMTP AUTH access to their foreign MSA. The less charitable
explanations range from laziness to incompetence.
Of course, if they do start enforcing this, then people who own smaller
domains are in a catch-22. They can't run their own MTA -- even if they have
a static IP, often it winds up in one of the dynamic-IP blocklists, which
means a lot of sites will reject their mail. When they complain, the
suggested solution is always to go through their ISP's smarthost, but if that
avenue is blocked off as you suggest, what's left? We'd be back to the days
when small businesses were stuck having "@aol.com" addresses.