You should know all your users email addresses.
You have got to be kidding.
Not kidding. I have a mail system that handles mail for the example.com domain. I use SMTP AUTH as the only means to relay through the server. My expectation from my customers is that they will utilize this mail service for their user@example.com communications. This means the mail server has knowledge of all 'mail from' addresses my users are allowed to use. Who says that Joe ISP has to provide an open SMTP relay to all customers on his IP space? Let's face it, it doesn't work! Even with throttling some SPAM will make it thorough and tha mail server will be black listed and unable to deliver mail to many destinations in no time. It's only a matter of time before owned PCs aquire the 'intelligence' to utilize SMTP AUTH to relay mail. So to clarify my position, my SMTP server handles mail for my users and noone else. My users are identified by their email address(es) on my mail server. Therefore, I can enforce that may mailserver reject relayed mail that does not have a 'mail from' address that corresponds to one of the valid email addresses for an authenticated users. I am addressing the dilemma with the average home user. If you own a bunch of domains you're in a whole different class. Make arrangement with your ISP to handle your mail, run your own mail server or buy hosting with email accounts. Point is, if you own a bunch of domains you're not the average home user that floods the world with crap without their knowledge. Adi