Date: Thu, 26 Jun 1997 15:31:22 -0700 (MST) From: Terry Lambert <terry@lambert.org> To: giles@nemeton.com.au (Giles Lean) Cc: rblim@aht.com, hackers@FreeBSD.ORG Subject: Re: talking in SMTP Message-ID: <199706262231.PAA08890@phaeton.artisoft.com> In-Reply-To: <314.867362072@nemeton.com.au> from "Giles Lean" at Jun 27, 97 07:54:32 am
next in thread | previous in thread | raw e-mail | index | archive | help
> > I got some concerns about talking in SMTP. It seemed that people can
> > just use anonymous name or arbitrary name to send junk mail to other
> > people. Maybe bomb up your mailbox. Are there any ways to validify the
> > sender's email address in "talking in SMTP"?
>
> You are correct. SMTP provides for no authentication.
RFC821 (the SMTP protocol definition) provides for negative responses
to "HELO".
Combined with RFC1859 (the ESMTP extension format definition), it is
possible to add authentication.
It is generally more useful to use RFC1846 ("521" error response) to
known SPAM IP address ranges and SPAM domain names, if given. This
allows you to give errors to spam sites on initial greeting, or to
SPAM sites after they identify themselves via "HELO" or "EHLO".
It is also permissibale to give "550" error resonses to the SPAM
site as it enters "RCPT TO:" commands to say "No access to mailbox"
> Mail relaying makes this almost impossible to do. Imagine if I sent
> this mail to my ISP first instead of directly to you; sendmail at the
> ISP would relay the mail to you and no amount of cross checking of
> incoming IP addresses and the mail envelope addresses would match.
Non-local addresses can be responded with "551 User not local". You
can give this response for a non-local source address, as well as a
non-local target address (ie: you refuse relaying).
Terry Lambert
terry@lambert.org
---
Any opinions in this posting are my own and not those of my present
or previous employers.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199706262231.PAA08890>