>Since section 5 "Message Submission Authentication/Authorization >Technologies" mentions only SMTP AUTH and TLS, does it mean that >authentication by IP addresses is forbidden? I ask so because it is >currently the most common way to weakly authenticate local users. Is >it covered by "Depending upon the environment, different mechanisms >can be more or less effective and convenient"? The latter. The intention is to encourage everyone to use AUTH or TLS, since they tend to provide better granularity than IP authentication. For example, it's dismayingly common to use security holes to install scripts on web servers that send out spam. If the legit scripts all used AUTH when sending mail to the local mail server, it would be immediately obvious when a rogue script were sending mail. >Side note: on Unix, will cron be forced to authenticate to send emails >at 2 am? :-) Perhaps a sentence or two clarifying that this only applies to SMTP and SUBMIT would be in order. R's, John _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf