On Wed, Aug 27, 2003 at 04:07:58PM +0300, Kalle Kivimaa wrote: > Mark Brown <[EMAIL PROTECTED]> writes:
> > You do realise that all parts of SMTP are generally completely > > unauthenticated and can be trivially forged? A system like this has no > > option but to work with unauthenticated data. > Why cannot the C-R system issue the challenge during the SMTP session > (respond with a reject containing the challenge)? With the latest > Sobig flood I've begun to consider all list software sending back The part where SMTP is completely unauthenticated means that this doesn't help - the SMTP envelope sender can be forged just as easily as the From: inside the message. -- "You grabbed my hand and we fell into it, like a daydream - or a fever."
