Don't worry it's not complete.
http://www.kajotec.com/index.php/products
Don't worry it's not complete.
http://www.kajotec.com/index.php/products
So you assert that an incoming MTA that accepts messags for example.com with a From: address in the example.com domain is misconfigured and shouldn't do this.
I'm not arguing with that as a concept necessarily, but I will maintain that 'most' domains probably don't filter out these messages. It would not be useful as an anti-spam measure, and email forgery would simply not be a problem for a great many domains, eitehr because people don't ever do it, or because they don't trust email for anything vital enough to matter so much.
"misconfiguration" implies that something is broken or won't work properly, where the issue in question is more one of personal preference, surely?
I think you've taken a very minor issue that wouldn't apply to most domains and made a big deal out of it, with a great deal of abuse for good measure. However, in case I've missed something important, what would be the big drama for the incoming MTA server to accept email from "in-domain" addresses? IOW, what consequences for most domains could arise that would be worth the trouble of fixing the problem? How can this harm other Netizens?
Sometimes when doing a risk analysis, the rectification costs outweigh the potential damage. It's possible that admins of many domains have made a deliberate decision to allow this behaviour. Maybe they are all really stupid, but if you're going to claim that, you should provide some kind of example of the dire consequences that they've misunderstood; support your argument.
@fusspawn said:
... who needs telnet web plenty of webmail sites exsist.
Webmail sites won't let you give a false from address. The receiving MTA will, since they have no way to verify it (Other than SPF, which reduces the pool of domains you can choose from for your fake address)
Morbius, unless you have mistyped what your saying, you are very very wrong and very very rude. If SMTP needed authentication then we wouldn't have a spam problem.
Are you trolling or just confused?
An SMTP server will accept email for its domain, say example.com. If you look up the MX record for the example.com domain, you get the IP address of the SMTP server. You connect to that server, which will normally accept either all mail, or only valid addresses, in the example.com domain.
If you connect to it to send to example.net, you should get rejected with a relay denied message.
If this were not the case, when I want to send a message to example.org, what password should I use? You have an email address, one assumes. How do people send mail to it without a password?
How do the 'open relays' you refer to manage to send spam to the MTA that accepts mail for the domain your address is in?
An MTA that accepts mail for a domain it is NOT hosting without authentication is an open relay.
As an aside, I'd also be interested in your evidence for the claim that open relays (ie not hacked windows boxes or spammer-hosted machines) are a major source of spam in 2009.