Time to check the rate limits on your mail servers

Adi Linden adil at adis.on.ca
Fri Feb 4 02:15:20 UTC 2005


> > How about using SMTP AUTH and verifying the envelope MAIL FROM to match
> > the actual user authenticating?
>
> that doesn't work if you have more than one email address.

You should know all your users email addresses. It shouldn't be too
difficult to match the 'mail from' address with the user account. The only
caveat would be that joe at hotmail.com would actually have to use the
hotmail smtp server to send mail.

> > This will make SPAM traceable and
> > hopefully ultimately users aware that their PC is sending junk.
>
> auth is sufficient to make email traceable to your own customers.

And how is that? There isn't necessarily anything in an email indicating
that it originated from an SMTP AUTH authenticated user. While a header
could be added, it isn't a mandatory thing.

Adi



More information about the NANOG mailing list