From owner-freebsd-hackers Thu Jun 26 14:48:53 1997
Return-Path:
Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id OAA14355 for hackers-outgoing; Thu, 26 Jun 1997 14:48:53 -0700 (PDT)
Received: from nemeton.com.au (gw.nemeton.com.au [203.8.3.1]) by hub.freebsd.org (8.8.5/8.8.5) with SMTP id OAA14350 for ; Thu, 26 Jun 1997 14:48:48 -0700 (PDT)
Received: (qmail 13845 invoked from network); 26 Jun 1997 21:48:17 -0000
Received: from topaz.nemeton.com.au (203.8.3.18) by nemeton.com.au with SMTP; 26 Jun 1997 21:48:17 -0000
Received: (qmail 316 invoked from network); 26 Jun 1997 21:54:42 -0000
Received: from localhost.nemeton.com.au (127.0.0.1) by localhost.nemeton.com.au with SMTP; 26 Jun 1997 21:54:38 -0000
To: "Randy B. Lymn"
cc: hackers@freebsd.org
Subject: Re: talking in SMTP
In-reply-to: <33B2CF7A.446B9B3D@aht.com>
Date: Fri, 27 Jun 1997 07:54:32 +1000
Message-ID: <314.867362072@nemeton.com.au>
From: Giles Lean
Sender: owner-hackers@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

[Drifting from the list -- I don't know where to redirect this one.]

On Thu, 26 Jun 1997 13:22:18 -0700 "Randy B. Lymn" wrote:

> I got some concerns about talking in SMTP. It seemed that people can
> just use anonymous name or arbitrary name to send junk mail to other
> people. Maybe bomb up your mailbox. Are there any ways to validify the
> sender's email address in "talking in SMTP"?

You are correct. SMTP provides for no authentication.

Mail relaying makes this almost impossible to do. Imagine if I sent
this mail to my ISP first instead of directly to you; sendmail at the
ISP would relay the mail to you and no amount of cross checking of
incoming IP addresses and the mail envelope addresses would match.

Some people do have SMTP agents that check that the envelope addresses
are at least in the DNS, and others have added blocking of "bad"
envelope addresses known to be used by spammers.

Adding relay control so that people can't relay such junk *through*
your site is nice for the rest of us, but doesn't help you directly.

Resources:

http://www.sendmail.org
    Pointers to spam resources for sendmail

http://www.qmail.org
    Qmail is an MTA designed for security and providing relay
    protection as standard.

http://www.obtuse.com/
    Look for smtp programs (similar to the TIS firewall toolkit smap
    and smtpd) they provide some ability to check envelope addresses.

http://spam.abuse.net/spam/
    The ultimate spam resource.

http://www.hormel.com/
    More spam than you know what to do with. Even T-shirts. :)

Regards,

Giles
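
The envelope checks mentioned in the message (sender domain present in the DNS, plus a blocklist of known-bad envelope addresses) can be sketched as below. This is an added example, not code from the original message or from any of the MTAs it lists. The function names, reply texts, blocklist entries and the offline DNS table are all hypothetical, constructed values.

```python
import re

# Constructed sample data: a local blocklist and a stand-in DNS table so the
# example runs offline. A real filter would query MX/A records instead.
BLOCKED_SENDERS = {"bulk@spam.example"}
BLOCKED_DOMAINS = {"junk.example"}
SAMPLE_DNS = {"nemeton.example": ["mx.nemeton.example"],
              "isp.example": ["mail.isp.example"]}

MAIL_FROM = re.compile(r"^MAIL FROM:\s*<([^<>\s]*)>", re.IGNORECASE)


def domain_in_dns(domain, dns=SAMPLE_DNS):
    """Stand-in resolver: True if the domain has a mail host on record."""
    return bool(dns.get(domain.lower()))


def check_envelope_sender(command, resolves=domain_in_dns):
    """Return an (SMTP reply code, reason) pair for one MAIL FROM command.

    The connecting IP address is deliberately not an input: with relaying,
    a legitimate message arrives from a host unrelated to the sender domain.
    """
    match = MAIL_FROM.match(command.strip())
    if not match:
        return 501, "syntax error in MAIL FROM"
    sender = match.group(1)
    if sender == "":
        # The null reverse-path is used for bounces and must be accepted.
        return 250, "null sender accepted"
    local, at, domain = sender.rpartition("@")
    if not at or not local or not domain:
        return 553, "sender address must be user@domain"
    if sender.lower() in BLOCKED_SENDERS or domain.lower() in BLOCKED_DOMAINS:
        return 550, "sender is on the local blocklist"
    if not resolves(domain):
        # This sketch cannot tell a missing domain from a lookup timeout,
        # so it defers (4xx) rather than rejecting permanently.
        return 451, "sender domain not found in DNS"
    return 250, "sender accepted"
```

A 250 result only means the claimed sender is well formed and resolvable, not that the claim is true, which is the limitation the message describes.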