On Thu, Oct 02, 2003 at 05:21:48AM -0400, Jamrock wrote: > > A client is concerned because it is possible for someone to send email and > let it seem as if the mail came from someone else. He simply needs to use a > false email address in the mail client.
Yep, that's a "fault" of SMTP. > If we were to remove the selective relaying from qmail, would it help to > reduce the ease with which people can do this? From what I have read, the > real problem is caused by the trusting nature of the SMTP protocol. SMTP AUTH doesn't really give you more of a trustworthiness. > A colleague says that Lotus Notes gets around this by using a proprietory > digital signature. You can't even open up the client software without a > username and a password. I haven't verified this for myself. I used Notes about 4 years ago and that was a nice feature because it was seemless as they controlled the client. You can do digital signatures with gnupg and various other free and non-free plugins for your mail client. However mail clients might expect the pgp information to be sent in different ways. See http://www.gnupg.org/(en)/related_software/frontends.html for more information. Chris
