On Wed, Sep 03, 2008 at 12:58:53PM -0400, Nicholas Suan wrote: > On Sep 3, 2008, at 12:49 PM, Jay R. Ashworth wrote: > >You're forgetting that 587 *is authenticated, always*. > > I'm not sure how that makes much of a difference since the usual spam > vector is malware that has (almost) complete control of the machine > in the first place.
Well, that depends on MUA design, of course, but it's just been pointed out to me that the RFC says MAY, not MUST. Oops. Does anyone bother to run an MSA on 587 and *not* require authentication? Cheers, -- jra -- Jay R. Ashworth Baylink [EMAIL PROTECTED] Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com '87 e24 St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274 Those who cast the vote decide nothing. Those who count the vote decide everything. -- (Josef Stalin)
