On Tue, May 17, 2005 at 09:10:46AM -0400, Stuart D. Gathman wrote:
On Tue, 17 May 2005, Stuart D. Gathman wrote:
Suppose an SMTP service has domain 'service.com' and wants to
prevent cross-customer forgery. A client logs in to SMTP AUTH as 'curly'
and
gives a MAIL FROM of 'moe(_at_)example(_dot_)com'. The service then looks
for a DNS A
record at:
moe._using_.paul._at_.service.com._smtpauth_.example.com
Ooops. Typo. That should be:
moe._using_.curly._at_.service.com._smtpauth_.example.com
which would mean that example.com would trust service.com to
authenticate users __and__ example.com would allow moe to emit
mail from service.com (as moe(_at_)example(_dot_)com), but only when logged
in as user "curly(_at_)service(_dot_)com", right?
Alex