North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: IETF SMTP Working Group Proposal at smtpng.org

  • From: Paul Vixie
  • Date: Wed Aug 21 20:57:58 2002

> Lets not forget that you need an SSL cert for every server with a
> different host name, and you need to go through companies like Verisign
> to get them.  (yes, there are lesser evils I know).  But using SSL certs
> could be more expensive then just registering your company, netblock or
> whatever with a management account.

i won't glock up this already busy list with a full copy of the proposal,
but before y'all go off and invent something, here's some prior art that's
been resoundingly pooh-pooh'd by the smtp community.

http://www.vix.com/~vixie/mailfrom.txt

   Abstract

      At the time of this writing, more than half of all e-mail received by
      the author has a forged return address, due to the total absence of
      address authentication in SMTP (see [RFC2821]).  We present a simple
      and backward compatible method whereby cooperating e-mail senders and
      receivers can detect forged source/return addresses in e-mail.

-- 
Paul Vixie