David Walker <bugtraq@grax.com> wrote:

>One of the issues bothering me is the fact that mail servers will accept what
>you tell them meaning that I can easily send mail pretending to be from any
>domain. I propose that a new type of dns entry be created for authorized
>outgoing mail servers. Mail servers will be able to discover if the IP
>address connected to them is authorized to send mail for that domain and
>either deny the message or add a warning to it.

This is a very bad idea. It is often suggested, perhaps as a reaction to the amount of email abuse (mostly spam).

No new DNS record is required for this. We already know the answer. Every mail server is entitled to send mail with any valid email address. Email is a system that depends on relaying and forwarding. The sender address is properly associated with the human sender of the mail, not with the particular IP address of a machine through which it passes on its route.

The fallacy of the proposal is based on the mistaken notion that an email address is the property of the computer from which it is received. However, an email address is more properly that of a person, or perhaps a person acting in a particular capacity. Such a person is entitled to use that email address whether at the office, or working at home, or on a business trip using a laptop, or sending from another computer made available to him.

Yes, email addresses are forged. This is a social problem. A poorly thought out quick-and-dirty fix will not correct this social problem. It will cause serious damage to the email system and the current ways it is used.

-NWR
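
The check the quoted proposal describes, run against the relayed and forwarded cases the reply raises, as an added example that is not part of either message. The published entries, addresses, and function names are constructed for illustration; the table stands in for the proposed DNS record.

```python
import ipaddress

# Constructed data: hypothetical "authorized outgoing mail server" entries,
# standing in for the new DNS record type the quoted proposal describes.
AUTHORIZED_SENDERS = {
    "example.com": ["192.0.2.0/28"],
    "example.org": ["198.51.100.25/32"],
}

def sender_domain(mail_from):
    """Domain part of an envelope sender address, lowercased."""
    return mail_from.rsplit("@", 1)[-1].lower()

def is_authorized(client_ip, mail_from):
    """True if client_ip is inside a network published for the sender's domain."""
    ip = ipaddress.ip_address(client_ip)
    nets = AUTHORIZED_SENDERS.get(sender_domain(mail_from), [])
    return any(ip in ipaddress.ip_network(n) for n in nets)

def receive(client_ip, mail_from, policy="warn"):
    """Receiving server's decision: 'accept', 'accept+warning' or 'reject'.

    policy mirrors the two options in the proposal: deny the message
    ("reject") or add a warning to it ("warn").
    """
    if sender_domain(mail_from) not in AUTHORIZED_SENDERS:
        return "accept"            # domain publishes nothing: no basis to judge
    if is_authorized(client_ip, mail_from):
        return "accept"
    return "reject" if policy == "reject" else "accept+warning"

# Constructed scenarios: (description, connecting IP, envelope sender).
SCENARIOS = [
    ("sent through the domain's own server", "192.0.2.5", "alice@example.com"),
    ("forged from an unrelated host", "203.0.113.77", "alice@example.com"),
    ("alice on a trip, using a hotel relay", "203.0.113.10", "alice@example.com"),
    ("alice's mail forwarded by a third party", "198.51.100.25", "alice@example.com"),
]

def run(policy="warn"):
    """Apply the receiving-side check to every scenario under one policy."""
    return [(d, receive(ip, frm, policy)) for d, ip, frm in SCENARIOS]

if __name__ == "__main__":
    for desc, result in run("reject"):
        print(f"{result:15} {desc}")
```

The check sees only the connecting IP address, so the forged message, the traveling user, and the third-party forwarder all receive the same verdict.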