On Wed, 14 Aug 2002, Keith Moore wrote: > > There must be a secure method that would allow a receiver to verify whether > > or not the sender actually exists as a user on the mail server for the > > domain the e-mail is coming from. > > this is already possible. it is not sufficient. It's possible but it's useless as one can't depend on it: too many MTA's are configured to refuse EXPN/VRFY requests if they were implemented in the first place. -- Pekka Savola "Tell me of difficulties surmounted, Netcore Oy not those you stumble over and fall" Systems. Networks. Security. -- Robert Jordan: A Crown of Swords