Please keep replies on list.
On 4/17/2023 2:16 PM, Tyler Montney wrote:
I'll put it this way, since I'm struggling to word this:
Provider A contains the following customers:
Acme Corporation (acme.com <http://acme.com>)
Corley Motors (corley.com <http://corley.com>)
Provider B contains the following customers:
ConSec (consec.com <http://consec.com>)
Teldar Paper (teldar.com <http://teldar.com>)
[email protected] can send to [email protected]
without authentication.
You've explained what's observable, but not why it's a problem.
Any random server on the internet can send to [email protected] without
authentication. The original sender may or may not authenticate to
*their* mail server, corley.com cannot control that. So corley.com
accepts unauthenticated mail all day long.
How is this different?
[email protected]
must authenticate in order to send to
[email protected] . Similarly, [email protected]
must authenticate in order to send to
[email protected] .
Some providers require all to authenticate, without exception. This
is generally considered good, but providers may use other methods to
prevent abuse of their system.
I still don't see a problem. If someone has found a way to abuse
this, then the abuse should be reported to the provider.
-- Noel Jones
_______________________________________________
Postfix-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
