On 2003.08.27, russm <[EMAIL PROTECTED]> wrote:That would break a lot of things, I reckon...
Yes! SMTP is fundamentally broken, and that's why it's so easy to send spam in a way that's hard to track down and easy to forge. This is NOT a feature -- being able to send forged email -- it is a FLAW in the SMTP design. What I suggested is a easily implementable fix to the design.
easily implementable for you, but requiring a *very* large number of internet users to make changes to be compatible with your new setup...
When I'm at home all outbound mail is relayed through my providers mail servers, but they certainly don't provide backup MX for my employer - you'd see mail from mail.optusnet.net.au which is not in the MX list for icorp.com.au...
And why aren't you relaying mail through one of icorp.com.au's MX'es? They won't allow your IP to relay through them? Not even with something like POP-before-SMTP auth or S/SMTP with SSL client certificate auth or some other mechanism?
In my particular case - because I don't need to. But I also believe there are many ISPs who block all outbound port 25 and require that you relay through them... why do they do this? I seem to recall it's to help track and fight spam...
Novel idea: when you're at home, why not send mail from an email address valid from your home machine through a mailhost that the address is valid for, and use the Reply-To: header in the mail if you want responses to go back to your work address? Why do you need to forge the outgoing From: address? Do you need to hide the fact that you're sending the email from home?
partly because I got sick of maintaining multiple mail accounts for each host I used back in 1994, and partly because I use a laptop, and reconfiguring my account settings 2-3 times a day is a pain in the arse...
You're right, SMTP is broken in some very fundamental ways, particularly in the modern environment of mobile users and an untrusted world, but you're proposing bandaging another fix on to SMTP, making the whole infrastructure more fragile while still requiring very large numbers of people to fix things to work with the new setup. The correct solution if you're willing to have a flag day is to just do away with SMTP... If "doing away with SMTP" is too big a change, then requiring every man and his dog to update their mail hosting situation is also too big, I would suggest...
cheers
Russell
-- AOLserver - http://www.aolserver.com/
To Remove yourself from this list, simply send an email to <[EMAIL PROTECTED]> with the body of "SIGNOFF AOLSERVER" in the email message. You can leave the Subject: field of your email blank.
