[ale] mail headers question

Joe Steele joe at madewell.com
Fri Aug 27 20:43:25 EDT 2004


On Friday, August 27, 2004, Geoffrey wrote:
>
> Joe Steele wrote:
> > On Friday, August 27, 2004, Geoffrey wrote:
>
> >>Your assumption may well be correct though.  Question is, why does it
> >>get through if I set my smtp server to my local machine?
> >
> >
> > Why?  Because the message is no longer being forwarded by a server which
> > mindspring considers untrustworthy (mrelay.perfora.net).
> >
> > In an ideal world, mindspring should accept mail from everywhere, as
> > long as it is addressed to mindspring recipients.  However, real-
> > world circumstances force mindspring to reject mail from any source
> > they consider untrustworthy.  They have no reason to distrust you
> > and/or speedfactory, but they evidently don't trust perfora.net.
> > Apparently their distrust is well founded;  IMO, perfora.net should
> > not have relayed your message based on the circumstances given above.
>
> So how else would you suggest that I configure this process to work?

Two accepted methods are:

1.  Configure mozilla to forward outgoing mail to *your* ISP's SMTP 
server (in other words, speedfactory, not 1and1); or

2.  Configure mozilla to forward outgoing mail to your own SMTP 
server.  Your SMTP server would then be configured to either:  

   (a) forward the mail to your ISP's server (speedfactory); or 

   (b) forward the mail directly to the recipient's mail server by 
   looking up the MX records in DNS.  (Note that some people cannot 
   use this option because they have an IP address which is not 
   static, so many SMTP servers will refuse to accept mail from 
   them.)

I doubt that any of what I just said is news to you.  I think the 
heart of the whole matter depends on this:  Why did you think you 
needed to have mozilla forward mail to smtp.1and1.com (a.k.a. 
mrelay.perfora.net and smtp.perfora.net)?  Your answer to this 
question may be, "because I was using an e-mail address hosted at 
1and1.com and that's what 1and1.com told me to do."  Indeed, that 
does seem to be what their website advises.

Correct me if I am wrong, but it looks like 1and1.com does not use 
any form of authentication for users who submit e-mail to their SMTP 
servers, except that they must use a "From" address with a domain 
name hosted by 1and1.  This is bad because spammers will figure this 
out and forge the "From" address so that mail gets through.  
Apparently, mindspring has figured this out as well and now refuses 
to receive mail from 1and1.

1and1 should either implement some authentication which is not easily 
forged, or else they should instruct their users to implement 
configuration #1. above (or in your case #2, since you are already 
running an SMTP server).  There is no need for you to use their SMTP 
servers, even though they are hosting your domain.

--Joe



More information about the Ale mailing list