SMTP-AUTH

From Wikipedia, the free encyclopedia

(Redirected from SMTP AUTH)
Jump to: navigation, search

SMTP-AUTH is an extension of the Simple Mail Transfer Protocol (SMTP) to include an authentication step through which the client effectively logs in to the mail server during the process of sending mail. Servers which support SMTP-AUTH can usually be configured to require clients to use this extension, ensuring the true identity of the sender is known. SMTP-AUTH is defined in RFC 4954.

SMTP-AUTH provides an access control mechanism. It can be used to allow legitimate users to relay mail while denying relay service to unauthorized users, such as spammers. It does not guarantee the authenticity of either the SMTP envelope sender or the RFC 2822 "From:" header. For example, spoofing, in which one sender masquerades as someone else, is possible even with SMTP-AUTH.

The SMTP-AUTH extension also allows one mail server to indicate to another that the sender has been authenticated when relaying mail. In general this requires the recipient server to trust the sending server, meaning that this aspect of SMTP-AUTH is rarely used on the Internet. The recipient of an e-mail message cannot tell whether the sender was authenticated, so use of SMTP-AUTH is only a very partial solution to the problem of spam.

While SMTP-AUTH is generally a security improvement over unauthenticated SMTP, it can also introduce a weakness. If authenticated users are allowed to submit messages from IP addresses where unauthenticated users are not — that is, if authenticated users are allowed to relay mail — then an attacker who subverts one user's account is then able to use the authenticated server as an open mail relay. Thus, in such a configuration, every user's password becomes a key to the mail system's security. Spammers have attacked SMTP-AUTH mail servers by bruteforcing common usernames and passwords. A good password policy can effectively prevent such an attack.

Retrieved from "http://en.wikipedia.org/wiki/SMTP-AUTH"
Advanced Search
Included Web Search Engines


Safe Search

close

Top Matching Results

Occasionally Search.com will highlight specialized results that are based on the context of your query. Examples of specialized results include specific links to news, images, or video.

Top Matching Results may highlight information from other Search.com pages, content from the CNET Network of sites, or third party content. The listings are based purely on relevance. Search.com does not receive payment for listings in this section but our partners that provide this data may get paid for listing these products.

Sponsored Links

This section contains paid listings which have been purchased by companies that want to have their sites appear for specific search terms and related content. These listings are administered, sorted and maintained by a third party and are not endorsed by Search.com.

Search Results

Search.com sends your search query to several search engines at one time and integrates the results into one list which has been sorted by relevance using Search.com's proprietary algorithm. You can customize the list of search engines included in your metasearch from the preferences.

The search engines that are used in your metasearch may allow companies to pay to have their Web sites included within the results. To view the Paid Inclusion policy for a specific search engine, please visit their Web site. Search.com does not accept payment or share revenue with any search engine partner for listings in this section.