Ken Lin wrote:
However, if administrator does turn on SMTP authentication, email client of
internal users will anyway need to be set up to send in authentication
information on every SMTP request. I wonder why the the administrator wants to
deliberately disable SMTP authentication for ALL intra-domain emails (which is
the current behavior of James). Why should SMTP only protect emails sent to
outside of corporation, and not emails to a corporation?
SMTP authentication is intended to give the sender "special" relaying
permissions. To send a message to a local address is not a special
permission.
Most "big companies" (as you refer to them) wil have people around the
world that should be able to send mail from their company email to other
email of the same company but are unable to connect directly to the smtp
server and will use the smtp server of their connectivity provider.
This way the message from [EMAIL PROTECTED] to [EMAIL PROTECTED] will be relayed from
the connectivity provider (because they mostly authorize based on IP
addresses) and the message will be forwarded to the company smtp server
that will reject the message.
IMHO this is an unwanted behaviour.
IMHO you intended behaviour (a better one, that include your behaviour)
should be achieved using SPF.
Stefano
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
