3 Jul
2004
3 Jul
'04
1:14 a.m.
Hi,
.................................................
.................................................
I wonder if PT actually guarantees you the "relay
service", or if they
were just to lazy to configure their SMTP server
otherwise (as I know PT
I suspect that the latter might be true).
Provider mail servers are meant to be used to send your mail, whatever
the from email address is, because many mail providers _don't_ even have
smtp servers (at least in the past). I always send all my emails
through the service provider's smtp server I'm currently connected to.
Also remember that any PT customer is able to send
mails using your ETH
address though the PT relay.
Thus even by examining
the mail header, I
can not verify that this mail is really coming from
you (if you do not
signature your mail)! As long as your mail has not
been relayed by ETH's
mail servers the authenticity of your mail is
questionable.
As long as the email is not digitally signed, you can never be sure who
sent you the email, and you shouldn't really rely on the outgoing mail
server.... (hint: check this email's mail server)
Ok, I know
that it is possible to fake the headers by spoofing
ETH's IP addresses,
but this is outside the possibilities of infected
PCs and spammers.
In order that an email is send, data has to be exchanged between both
participating parties.... To my knowledge, if you spoof your ip address,
no data gets back to you, so you get no TCP connection to the server.
We need SMTP authentification over SSL, there is no
way around this. The
other solutions are temporal at best.
Prepare that PT will block all non @pt.lu mails
sometime in the future.
Well, maybe in a 100 years..... ;)
Hope that they will warn you on time!
Greeting, Patrick Kaell
Thibaut