[51224] in North American Network Operators' Group
Re: IETF SMTP Working Group Proposal at smtpng.org
daemon@ATHENA.MIT.EDU (Paul Vixie)
Wed Aug 21 20:56:40 2002
To: nanog@merit.edu
From: Paul Vixie <vixie@vix.com>
Date: 22 Aug 2002 00:56:08 +0000
In-Reply-To: <001f01c24974$b8e84920$030010ac@void>
Errors-To: owner-nanog-outgoing@merit.edu
> Lets not forget that you need an SSL cert for every server with a
> different host name, and you need to go through companies like Verisign
> to get them. (yes, there are lesser evils I know). But using SSL certs
> could be more expensive then just registering your company, netblock or
> whatever with a management account.
i won't glock up this already busy list with a full copy of the proposal,
but before y'all go off and invent something, here's some prior art that's
been resoundingly pooh-pooh'd by the smtp community.
http://www.vix.com/~vixie/mailfrom.txt
Abstract
At the time of this writing, more than half of all e-mail received by
the author has a forged return address, due to the total absence of
address authentication in SMTP (see [RFC2821]). We present a simple
and backward compatible method whereby cooperating e-mail senders and
receivers can detect forged source/return addresses in e-mail.
--
Paul Vixie
