From mboxrd@z Thu Jan 1 00:00:00 1970
From: Lyndon Nerenberg
To: lucio@proxima.alt.za
Cc: 9fans@cse.psu.edu
Subject: Re: [9fans] re: spam filtering fs
In-Reply-To: <66da6c9b445553becc9e3195ef487bb0@proxima.alt.za>
Message-ID: <20030903035930.Y1234@gandalf.orthanc.ab.ca>
References: <66da6c9b445553becc9e3195ef487bb0@proxima.alt.za>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Date: Wed, 3 Sep 2003 04:09:51 -0600
Topicbox-Message-UUID: 2b1a296c-eacc-11e9-9e20-41e7f4b1d025

> My mail exchanger accepts mail that is "certified" and for which it
> has the certificate public key. Certified mail contains either a
> signature in the body as with PGP or a header of some description,
> encrypted with the sender's private key so it can be decrypted and
> validated. A preferable form of encryption would be at the SMTP
> protocol level, but this is a different model.

SMTP AUTH cannot (reasonably) solve this problem. What SMTP AUTH is
intended to address is the problem where a road warrior's laptop needs
to inject mail via a home-agent MTA. It can only authenticate the
laptop to the home MTA. It cannot authenticate the originator of the
mail coming from the laptop. (PGP and S/MIME try to solve that
problem.)

Open SMTP relays fall into two categories: 1) those operated by people
who haven't a clue, or 2) those operated by people who need to allow
remote relay but are too stupid (or cheap) to acquire MUA software
that supports SMTP AUTH for just this purpose.

If people would use SMTP AUTH to solve problem #2, problem #0 (the
need for PGP or S/MIME signatures to bypass filters) would mostly just
go away.

--lyndon