Educause Security Discussion mailing list archives

Re: authenticated "from" email address


From: "Christopher E. Cramer" <chris.cramer () DUKE EDU>
Date: Mon, 1 Nov 2004 14:51:41 -0500

spf might give you some of what you are looking for - at least in
conjunction w/ authenticated smtp.  what you can do is to specify the
machine(s) or ip ranges which are authorized to send mail as being from
your domain.  then for any mail that is received by your (and many
others') domain, there will be a check to see if the message originated
from an authorized ip.

now, spf still has a few issues and it certainly won't prevent spam, but
it might be worth checking out if you are trying to prevent forging of
your domain name (http://spf.pobox.com/).

-c


On Mon, 1 Nov 2004, Kevin Shalla wrote:

Because most of my legitimate email is from people within my email domain,
I would like to be able to trust that email from users in my domain is
actually from the account in the "from" field.  If this were the case, I
would get less spam, viruses, and worms, because now I get many messages
with spoofed "from" addresses of internal users.  Since both "blacklist"
and "whitelist" strategies for dealing with spam require identifying the
sender, this spoofing hobbles those strategies.

Recently I heard about the SMTP Service Extension for Authentication
<http://www.ietf.org/rfc/rfc2554.txt>, and had high hopes for it, but I've
heard that once authenticated, the user is not restricted to sending
messages with the "from" address of that authenticated user.  Does anyone
know if there is any protocol (or anything in the works) for restricting
this way?

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/groups/.

