Unless I'm missing something. What I think the complaint is, is that simply putting his server's SMTP address into outlook and either an existing e-mail address or alias and he is able to send an e-mail to everyone on his domain. So a former employee could use his address book, his old SMTP settings and an existing e-mail address and spam all of the current employees - without having to authenticate. I think I have seen this when people set up their outlook without checking "my server requires authentication". They are able to send e-mail to everyone in my domain and they only find out something is wrong when they try to send mail to someone outside of the domain and they then get the "550 not a gateway" error.
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Thursday, March 11, 2004 9:05 AM To: [EMAIL PROTECTED] Subject: RE: [IMail Forum] Non-existent user able to send to localhost users >I recently discovered that I could send mail from home to my account at work >using a sender name of an IMail alias! >I did another test with a completely nonexistent address and the mail was >delivered! I'm not sure why you seem surprised -- you can do the same thing with Bill Gate's E-mail address. Or mine. Or whoever's you would like. That is how SMTP works -- the return address is just like the one on an envelope. It is intended to show who sent the E-mail -- but there is nothing guaranteeing that it is correct. Have you never received a spam from someone pretending to be @hotmail.com or @yahoo.com? Again, that's why so many people are looking at SPF ( http://spf.pobox.com ). You can very easily add an SPF record for all of your domains, helping ensure that people won't send unauthorized E-mail from your domains. And, using Declude JunkMail, you can block any unauthorized E-mail from SPF-enabled domains. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
