North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: IETF SMTP Working Group Proposal at smtpng.org
> Lets not forget that you need an SSL cert for every server with a > different host name, and you need to go through companies like Verisign > to get them. (yes, there are lesser evils I know). But using SSL certs > could be more expensive then just registering your company, netblock or > whatever with a management account. i won't glock up this already busy list with a full copy of the proposal, but before y'all go off and invent something, here's some prior art that's been resoundingly pooh-pooh'd by the smtp community. http://www.vix.com/~vixie/mailfrom.txt Abstract At the time of this writing, more than half of all e-mail received by the author has a forged return address, due to the total absence of address authentication in SMTP (see [RFC2821]). We present a simple and backward compatible method whereby cooperating e-mail senders and receivers can detect forged source/return addresses in e-mail. -- Paul Vixie
|