> From: ietf1@ietf.org
> Reply-to: karn@qualcomm.com

"ietf1@ietf.org"? I've been meaning to ask about that. If the goal is to avoid Microsoft out-of-office noise and other hassles, wouldn't nobody@qualcomm.com or some other obvious bit bucket be better?

> ...
> I actually encountered an ISP that does this. ...

Hasn't AOL been running SMTP redirection proxies for their IP customers for years?

> 25 and redirecting them to their own mailservers. They didn't support
> STARTTLS, and even if they did there is no reason I should trust them.
>
> It did teach me the importance of protecting against the
> man-in-the-middle attack. This is not often done, at least not by
> default, in many STARTTLS implementations.

Which STARTTLS are those that cannot be told to check certificates? By default sendmail only says "verify=FAIL" in the received header when the authentication part fails, but I think I recall a sendmail.cf switch that says "refuse mail without a good certificate."

Vernon Schryver    vjs@rhyolite.com
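An added example, not part of the original message: a Python check that walks a message's Received headers and reports every hop whose TLS annotation is missing or is not `verify=OK`, the field mentioned above. The annotation layout `(version=... cipher=... bits=... verify=...)`, the sample message and the function names are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample message; hosts and addresses are reserved example values.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [192.0.2.10])
\tby mail.example.org (8.12.9/8.12.9) with ESMTP id h1
\t(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK);
\tMon, 1 Jan 2001 00:00:02 +0000
Received: from proxy.example.com (proxy.example.com [198.51.100.7])
\tby mx.example.net (8.12.9/8.12.9) with ESMTP id h0
\t(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL);
\tMon, 1 Jan 2001 00:00:01 +0000
Received: from client.example.com (client.example.com [203.0.113.5])
\tby proxy.example.com with SMTP id g9;
\tMon, 1 Jan 2001 00:00:00 +0000
Subject: constructed test

body
"""

# Assumed layout of the TLS note a receiving MTA appends to its Received header.
TLS_NOTE = re.compile(
    r"\(version=(?P<version>\S+)\s+cipher=(?P<cipher>\S+)"
    r"\s+bits=(?P<bits>\d+)\s+verify=(?P<verify>[A-Z]+)\)")
HOP = re.compile(r"from\s+(\S+).*?\bby\s+(\S+)", re.S)

def audit_hops(raw):
    """Return one dict per Received header, newest hop first."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        hop = HOP.search(value)
        tls = TLS_NOTE.search(value)
        verify = tls.group("verify") if tls else None
        hops.append({
            "from": hop.group(1) if hop else None,
            "by": hop.group(2) if hop else None,
            "tls": tls is not None,        # False: hop ran in cleartext
            "verify": verify,              # None when no TLS note is present
            "authenticated": verify == "OK",
        })
    return hops

def unauthenticated(raw):
    """Hops that were cleartext or whose peer certificate did not verify."""
    return [h for h in audit_hops(raw) if not h["authenticated"]]
```

Only Received headers written by servers you control can be relied on; an earlier hop can put anything in its own header.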