[77762] in North American Network Operators' Group
Re: Time to check the rate limits on your mail servers
daemon@ATHENA.MIT.EDU (Adi Linden)
Thu Feb 3 21:17:50 2005
Date: Thu, 3 Feb 2005 20:15:20 -0600
From: Adi Linden <adil@adis.on.ca>
To: Joel Jaeggli <joelja@darkwing.uoregon.edu>
Cc: nanog@merit.edu
In-Reply-To: <Pine.LNX.4.61.0502031539490.12790@twin.uoregon.edu>
Errors-To: owner-nanog-outgoing@merit.edu
> > How about using SMTP AUTH and verifying the envelope MAIL FROM to match
> > the actual user authenticating?
>
> that doesn't work if you have more than one email address.
You should know all your users email addresses. It shouldn't be too
difficult to match the 'mail from' address with the user account. The only
caveat would be that joe@hotmail.com would actually have to use the
hotmail smtp server to send mail.
> > This will make SPAM traceable and
> > hopefully ultimately users aware that their PC is sending junk.
>
> auth is sufficient to make email traceable to your own customers.
And how is that? There isn't necessarily anything in an email indicating
that it originated from an SMTP AUTH authenticated user. While a header
could be added, it isn't a mandatory thing.
Adi
