ingress SMTP

[jra at baylink.com (Jay R. Ashworth)]

On Wed, Sep 03, 2008 at 12:58:53PM -0400, Nicholas Suan wrote:
> On Sep 3, 2008, at 12:49 PM, Jay R. Ashworth wrote:
> >You're forgetting that 587 *is authenticated, always*.
> 
> I'm not sure how that makes much of a difference since the usual spam  
> vector is malware that has  (almost) complete control of the machine  
> in the first place.

Well, that depends on MUA design, of course, but it's just been pointed
out to me that the RFC says MAY, not MUST. 

Oops.

Does anyone bother to run an MSA on 587 and *not* require authentication?

Cheers,
-- jra
-- 
Jay R. Ashworth                   Baylink                      jra at baylink.com
Designer                     The Things I Think                       RFC 2100
Ashworth & Associates     http://baylink.pitas.com                     '87 e24
St Petersburg FL USA      http://photo.imageinc.us             +1 727 647 1274

	     Those who cast the vote decide nothing.
	     Those who count the vote decide everything.
	       -- (Josef Stalin)