On Wed, Aug 27, 2003 at 04:07:58PM +0300, Kalle Kivimaa wrote: > Mark Brown <[EMAIL PROTECTED]> writes: > > You do realise that all parts of SMTP are generally completely > > unauthenticated and can be trivially forged? A system like this has no > > option but to work with unauthenticated data. > > Why cannot the C-R system issue the challenge during the SMTP session > (respond with a reject containing the challenge)?
Read SMTP 2821, and find out for yourself. Hint: SMTP is intended to be noninteractive, while this thing tries to get confirmation from a human being. -- Wouter Verhelst Debian GNU/Linux -- http://www.debian.org Nederlandstalige Linux-documentatie -- http://nl.linux.org "Stop breathing down my neck." "My breathing is merely a simulation." "So is my neck, stop it anyway!" -- Voyager's EMH versus the Prometheus' EMH, stardate 51462.
