Anti-spam measures
Daniel Karrenberg Daniel.Karrenberg at ripe.net
Mon Jan 12 17:57:39 CET 1998
> "Andres Kroonmaa" <andre at ml.ee> writes: > ... > 3) EMail can be injected into SMTP world only via pop3 or similar, after > authenicating senders username/password. > Envelope-senders return-path would be out of control of luser and > ideally always correct. > ... > It would be needed to add POST method to pop3 or any other > authenticated mail protocol widely used. This is the most problem with > this scheme, but could be solved if principally accepted. Some people use a hack sometimes called "submit after POP" which solves this problem. It allows a host that recently -say in the last 15 minutes- has had an authenticated POP session to retrieve mail, to relay mail to external domains. The beauty of this is that you do not need a new protocol or new client software. The only thing you need is to tell your users that they have to pick up mail before sending any. Experience shows that users understand that concept and most of them can successfully implement it. The downside of it is that you end up configuring your SMTP MTA from the POP logfiles... but you can use the authentication info in the log files to veryfy sender addresses ... Summary: A really gross hack but it works. Daniel
[ lir-wg Archives ]