On Wed, 3 Sep 2008, Jay R. Ashworth wrote:
Well, that depends on MUA design, of course, but it's just been pointed out to me that the RFC says MAY, not MUST.
Note that there are TWO relevant RFCs: RFC 4409 and RFC 5068. The latter says: 3.1. Best Practices for Submission Operation Submission Authentication: MSAs MUST perform authentication on the identity asserted during all mail transactions on the SUBMISSION port, even for a message having a RCPT TO address that would not cause the message to be relayed outside of the local administrative domain. Tony. -- f.anthony.n.finch <dot@dotat.at> http://dotat.at/ FISHER GERMAN BIGHT: SOUTHWESTERLY 5 TO 7, OCCASIONALLY GALE 8 IN GERMAN BIGHT, DECREASING 4 AT TIMES. ROUGH OR VERY ROUGH, BECOMING MODERATE LATER. SQUALLY SHOWERS. MODERATE OR GOOD.