Hello Gustavo,
Wednesday, February 4, 2004 you wrote:
GG> If we can't validate a sender, anyone can setup a mail server and send em=
GG> ail=20
GG> with a false identity (like virus does).
GG> Have you a idea to solve this ?
You work with what you have and SMTP has limitations.
You can authenticate your own users of course. But assuming it is
not your user then practically a few IP tests and some spam and
virus filtering is about as good as you can do right now. The only
thing really you can do before accepting the message is to test
the IP in various ways. Everything else requires the message data.
Validating an e-mail address format is exceedingly difficult if
not actually impossible. Even sending a message to the address
means next to nothing even if a reply occurs. Assuming you could
determine if a sender were valid then the question of whether the
sender is legitimate - whatever that means - is much more complex.
It is exactly like postal mail. Anyone can place any return address
on an envelope. The return address may or may not be valid and
the person who places it there may or may not be "legal" -
whatever that means.
Likewise the letter inside the envelope may be addressed to
someone entirely different than the address on the envelope and
may have an entirely different return address. And none of them
have to be valid or "legal."
Long term the solution is pretty obvious really. Eventually every
individual will have to have a unique identifier. It is not
really so difficult technically and eventually the society will
not only permit it but demand it. Actually the unique identifier
already exists - just need a handy way to read it. Once acquired
it could be verified and passed or rejected at any point along the
path. Probably a few years off.
Terry Fritts
-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]
