On Sat, 15 Oct 2016 17:33:00 +0200
Petr Bena <petr@bena.rocks> wrote:

> What exactly were you trying to tell me?

I'm trying to tell you that unless we throw out SMTP, there is *no way*
to detect spoofed email.  That's because SMTP allows for "legitimate"
spoofing (AKA mailing lists) which makes it impossible to figure out what
"illegitimate" spoofing is, in the general case.

I did mention that you can use local domain-specific knowledge to add
a measure of protection to your own inbound email, but that such
measures are not generally applicable.



Reply via email to