On 09/08/05 08:07 +0530, Kenneth Gonsalves wrote:
On Monday 08 Aug 2005 10:28 pm, Devdas Bhagat wrote:
Huh? ISPs need to check for valid senders. They can do this by a) Requiring you to be in an IP block they control b) Using POP before SMTP c) Using SMTP Authentication d) Using TLS AUTH
A properly setup ISP does not care about the sender's email address.
i have an account at your isp - kg@dvb.com. I access my pop box, and then within the next 30 minutes i send spam all over the world from ids like kg@sherlock.com - assuming there is a domain registered and live called sherlock.com, you will relay these mails?
So long as a complaint lets me track you down, yes. The only important part is the headers in the complaint. You know who the actual sender is from the IP, RADIUS logs, POP login times, SMTP AUTH log information.....
No one who knows about email even bothers about spoofable information. You may or may not have legitimate use of the foo@example.org address when relaying through a server which is for example.com. Email was designed that way so that users could actually do that.
The envelope from is just the address to which DSNs and bounces should go. The header Sender: is the actual message sender. The header from: is the person on whose behalf the message was sent.
Devdas Bhagat