Yes. I will ensure the fix will never block email to postmaster. Per prior discussion on the default behavior for SMTP authentication, I hope to classify the 2 types of email traffic: (1) inter-domain: the sender and recipient address contain different domain name (2) intra-domain: the sender and recipient address contain same domain name. I so-far hear two arguments that we should not enforce SMTP authentication for intra-domain traffic: (1) RFC requires us to delivery to postmaster. Further, there might a business need for a list of "guaranteed delivery" emails. (2) Intra-domain emails are less important than inter-domain emails. SMTP authentication doesn't completely prevent inter-domain email address spoofing, so we shouldn't use it to prevent "intra-domain" spoofing. I think argument (1) is valid, and we should address it. However, I feel argument (2) is invalid. Intra-domain problem is quite important for large corporation (say corporation > 100 people) and large ISPs (like aol, yahoo, gmail or hotmail), because in these cases intra-domain emails is a significant portion all email traffic (especially in large corporations). Intra-domain emails is not easy to protect either because of factors like large number of users, possibility of malicious attacks (worms or human), and inability to constraint user's IP address (in case of yahoo, gmail, etc.) People do forget password from time to time, so I can see the administrator might want make exception for a small list of special destination addresses (like postmaster@, abuse@, support@, etc). However, if administrator does turn on SMTP authentication, email client of internal users will anyway need to be set up to send in authentication information on every SMTP request. I wonder why the the administrator wants to deliberately disable SMTP authentication for ALL intra-domain emails (which is the current behavior of James). Why should SMTP only protect emails sent to outside of corporation, and not emails to a corporation? Ken
"Noel J. Bergman" <[EMAIL PROTECTED]> wrote: > RFC 2821 - Simple Mail Transfer Protocol > 4.5.1 Minimum Implementation > Any system that includes an SMTP server supporting mail relaying or > delivery MUST support the reserved mailbox "postmaster" as a case- > insensitive local name. See also: http://www.rfc-ignorant.org/ People really do maintain block lists of those who do not properly follow the RFCs. --- Noel --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------- Yahoo! Mail Bring photos to life! New PhotoMail makes sharing a breeze.
