On Wed, 23 Nov 2005, Hector Santos wrote:
But your answers do not match any experience in writing SMTP software,
especially for the public market.
Same here.
IP or ESMTP AUTH based authorization is *not* required for FINAL destination
mail (MDA). That is what makes the EMAIL system work and also why we have a
I have *never* seen a MUA legitimately send email directly. The
only MUAs that send directly to the recipient are zombies.
However, I get the feeling we are talking past each other, and might
actually agree if the terms were understood better.
MAJOR exploit with SMTP. Authorization or any kind (Best current Practices
are; IP Allow Tables, ESMTP AUTH and/or POPB4SMTP) is only required for
relaying mail - sending out to remote, not LOCAL).
You are correct that your home network, IP is sufficient and the MUA
doesn't need to authorize. However, if you expect to send from
a roaming laptop, and pass SPF, SMTP AUTH (or VPN or SSH) is required
to relay through the home office.
Come on. There is a REASONS why HELO is not reliable. Why are you fighting
it?
It *ought* to be reliable. In practice, I am happy if either HELO
or SPF passes.
--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com