JJ> Date: Thu, 3 Feb 2005 15:41:34 -0800 (PST) JJ> From: Joel Jaeggli JJ> > How about using SMTP AUTH and verifying the envelope MAIL FROM to match JJ> > the actual user authenticating? JJ> JJ> that doesn't work if you have more than one email address. The words "overreaching" and "fallacious" come to mind. JJ> auth is sufficient to make email traceable to your own customers. End users also would appreciate the ability to _know_ a message is not forged. Alas, I doubt much has changed since last October's BCP38 discussions, so perhaps I should not hold my breath. Eddy -- Everquick Internet - http://www.everquick.net/ A division of Brotsman & Dreger, Inc. - http://www.brotsman.com/ Bandwidth, consulting, e-commerce, hosting, and network building Phone: +1 785 865 5885 Lawrence and [inter]national Phone: +1 316 794 8922 Wichita ________________________________________________________________________ DO NOT send mail to the following addresses: davidc@brics.com -*- jfconmaapaq@intc.net -*- sam@everquick.net Sending mail to spambait addresses is a great way to get blocked. Ditto for broken OOO autoresponders and foolish AV software backscatter.