[107430] in North American Network Operators' Group
Re: ingress SMTP
daemon@ATHENA.MIT.EDU (Jay R. Ashworth)
Wed Sep 3 15:00:25 2008
Date: Wed, 3 Sep 2008 15:00:15 -0400
From: "Jay R. Ashworth" <jra@baylink.com>
To: nanog@nanog.org
In-Reply-To: <F9DF4D51-76AA-4BF5-98C8-1F320060C328@nonexiste.net>
Errors-To: nanog-bounces@nanog.org
On Wed, Sep 03, 2008 at 12:58:53PM -0400, Nicholas Suan wrote:
> On Sep 3, 2008, at 12:49 PM, Jay R. Ashworth wrote:
> >You're forgetting that 587 *is authenticated, always*.
>
> I'm not sure how that makes much of a difference since the usual spam
> vector is malware that has (almost) complete control of the machine
> in the first place.
Well, that depends on MUA design, of course, but it's just been pointed
out to me that the RFC says MAY, not MUST.
Oops.
Does anyone bother to run an MSA on 587 and *not* require authentication?
Cheers,
-- jra
--
Jay R. Ashworth Baylink jra@baylink.com
Designer The Things I Think RFC 2100
Ashworth & Associates http://baylink.pitas.com '87 e24
St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274
Those who cast the vote decide nothing.
Those who count the vote decide everything.
-- (Josef Stalin)
