I'm surprised to see such poorly considered statements from JD. Unless SMTP AUTH (just released in sendmail 3 weeks ago) works in every client, and is support in MS Exchange, then we (that is we as an operations community) don't have the technology to practically authenticate it yet. I too can write an authenticated SSL client & server to transfer mail between two computers. But its not useful unless its widely deployed. Statements to the contrary are just foolishness in an operational context such as a real business. We are running a _BUSINESS_, not a research lab, with one server and one specially developed client. We don't run relays out of laziness. We went out of our way to enable them. We go out of our way to monitor them for unauthorized use. We would certainly prefer an authenticated mail system. We have to live with what is currently deployed. What annoys me about the pressure from the junior antispammer league is they go from "gee, you know you can close those relays" We respond "Yes, we know. We operate them on purpose for business reasons". At times, I've explained these business reasons in detail. The technical conclusion is then that we have to operate relays. They then jump to "Thats unacceptable. You MUST CLOSE THEM". We say "No. Absolutely not." They say "Well, in that case we're going to start committing crimes against your service, posting to alt.2600, inciting attacks, and wasting your time, bandwidth, and computer resources until you agree to close them." We say, thats extortion. We say that crimes against our service are crimes. We report them, and they will get eventually get punished, and we will work hard to get paid for the services rendered and the damages done by criminals. We don't tolerate this sort of behavior. Most companies don't. --Dean ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Plain Aviation, Inc dean@av8.com LAN/WAN/UNIX/NT/TCPIP http://www.av8.com ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++