Thanks, as always, Scott.
D.
At 11:22 AM 1/14/2003 -0500, you wrote:
I run a small corporate email server where every user is behind a WAN.
There are only three public IPs servicing all of our users. We have
perhaps a dozen employees who email from home outside the WAN or while
travelling.
Is it safer for me to relay for these three addresses because it's
difficult for spammers to spoof an address, or is it safer for me to
relay for no one because authentication is more difficult to bypass than
spoofing and address?
In theory, "Relay for Addresses" offers less security than "No Mail
Relay." That's because both allow anyone to send mail with SMTP AUTH, but
"Relay for Addresses" also allows people to send mail using authentication.
In practice, however, if you only add IP addresses that are safe (as in
you are very confident that spam won't originate from those IPs if they
are not spoofed), then you should be just as safe as "No Mail Relay." IP
spoofing is anywhere from very difficult to impossible -- and is virtually
impossible on most compromised Windows machines, which makes up the
majority of the machines that "script kiddies" use. For a spammer, there
is no incentive to do this.
I've only heard of one incident that *may* have been a spammer sending
spam using a spoofed IP. However, I am very confident that it wasn't
really a spammer using a spoofed IP.
-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches both viruses and vulnerabilities in E-mail, with no
annual licensing fees.
---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
