Educause Security Discussion mailing list archives
authenticated "from" email address
From: Kevin Shalla <kshalla () UIC EDU>
Date: Mon, 1 Nov 2004 12:00:32 -0600
Because most of my legitimate email is from people within my email domain, I would like to be able to trust that email from users in my domain is actually from the account in the "from" field. If this were the case, I would get less spam, viruses, and worms, because now I get many messages with spoofed "from" addresses of internal users. Since both "blacklist" and "whitelist" strategies for dealing with spam require identifying the sender, this spoofing hobbles those strategies. Recently I heard about the SMTP Service Extension for Authentication <http://www.ietf.org/rfc/rfc2554.txt>, and had high hopes for it, but I've heard that once authenticated, the user is not restricted to sending messages with the "from" address of that authenticated user. Does anyone know if there is any protocol (or anything in the works) for restricting this way? ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/.
Current thread:
- authenticated "from" email address Kevin Shalla (Nov 01)
- <Possible follow-ups>
- Re: authenticated "from" email address Christopher E. Cramer (Nov 01)