On Sat, 15 Oct 2016 17:33:00 +0200 Petr Bena <petr@bena.rocks> wrote:
> What exactly were you trying to tell me? I'm trying to tell you that unless we throw out SMTP, there is *no way* to detect spoofed email. That's because SMTP allows for "legitimate" spoofing (AKA mailing lists) which makes it impossible to figure out what "illegitimate" spoofing is, in the general case. I did mention that you can use local domain-specific knowledge to add a measure of protection to your own inbound email, but that such measures are not generally applicable. Regards, Dianne.