> if i want to send SPAM to *@aaa.com, it's so easy for me becaust all > i need to do is to set my SMTP server as smtp.aaa.com and set my > email address as [EMAIL PROTECTED], whenever user xxx is valid or not.
Top-of-the-line (i.e. bottom-of-the-species) spammers don't need to guess at valid usernames. They just use yours, or the RFC-mandated addresses like <>, postmaster, et al. Or haven't you noticed this yet? > that's to say, your email server users with get SPAMs without > end. "SPAMs without end" are already happening the world over. The protection you need is way beyond the feature/s in question, see IMGate/Declude as before. > do you think this is also quite normal? Never do i! It's quite normal throughout the public Internet. I agree, though, that the feature/s you're suggesting would be cool to have in IMail, and Postfix and Sendmail, can be tweaked to require: (a) MAIL FROM must exist locally AND SMTP AUTH must be used to relay and (b) the above plus SMTP AUTH = MAIL FROM You should make an official feature request to [EMAIL PROTECTED], since we don't have the source to recompile. :) > what i DO EXPECT is:instead of checking whether the sender's address > is @aaa.com, the SMTP server will examine whether the sender using > [EMAIL PROTECTED] is valid or not. > this is called a true authentication. Nah, it's called a bump in the road for a hardcore spammer. -Sandy To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
