On Wed, 11 Feb 2004 15:13:30 EST, Sean Donelan said:
So is it time for ISPs to start blocking port 587 too?
RFC2476 says: 3.2. Message Rejection and Bouncing MTAs and MSAs MAY implement message rejection rules that rely in part on whether the message is a submission or a relay. For example, some sites might configure their MTA to reject all RCPT TOs for messages that do not reference local users, and configure their MSA to reject all message submissions that do not come from authorized users, based on IP address, or authenticated identity. Is there any indication that there are enough sites *NOT* doing some sort of authentication check on accepting messages on port 587 that it's worth the effort of blocking? Or should we just say "Submit mail via webmail, let's see the ISP block *THAT*"?