Date: Fri, 27 Jun 1997 07:54:32 +1000 From: Giles Lean <giles@nemeton.com.au> To: "Randy B. Lymn" <rblim@aht.com> Cc: hackers@freebsd.org Subject: Re: talking in SMTP Message-ID: <314.867362072@nemeton.com.au> In-Reply-To: <33B2CF7A.446B9B3D@aht.com>
next in thread | previous in thread | raw e-mail | index | archive | help
[Drifting from the list -- I don't know where to redirect this one.] On Thu, 26 Jun 1997 13:22:18 -0700 "Randy B. Lymn" wrote: > I got some concerns about talking in SMTP. It seemed that people can > just use anonymous name or arbitrary name to send junk mail to other > people. Maybe bomb up your mailbox. Are there any ways to validify the > sender's email address in "talking in SMTP"? You are correct. SMTP provides for no authentication. Mail relaying makes this almost impossible to do. Imagine if I sent this mail to my ISP first instead of directly to you; sendmail at the ISP would relay the mail to you and no amount of cross checking of incoming IP addresses and the mail envelope addresses would match. Some people do have SMTP agents that check that the envelope addresses are at least in the DNS, and others have added blocking of "bad" envelope addresses known to be used by spammers. Adding relay control so that people can't relay such junk *through* your site is nice for the rest of us, but doesn't help you directly. Resources: http://www.sendmail.org Pointers to spam resources for sendmail http://www.qmail.org Qmail is a MTA designed for security and providing relay protection as standard. http://www.obtuse.com/ Look for smtp programs (similar to the TIS firewall toolkit smap and smtpd) they provide some ability to check envelope addresses. http://spam.abuse.net/spam/ The ultimate spam resource. http://www.hormel.com/ More spam than you know what to do with. Even T-shirts. :) Regards, Giles
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?314.867362072>