<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<br>
<div class="moz-cite-prefix">On 1/03/13 12:22 PM, Heinz N wrote:<br>
</div>
<blockquote
cite="mid:alpine.LNX.2.00.1303011214240.14481@servex.equisoft.com.au"
type="cite">IMHO : If the ausnog SMTP MTA relays for ausnog.net,
then the external spammer can pretend to be FROM ausnog.net,
sending TO ausnog.net. The SMTP agent will then relay with no
questions asked. No pwnage required.
</blockquote>
<br>
This is a Bad Thing
<meta http-equiv="content-type" content="text/html;
charset=ISO-8859-1">
<span class="st">™</span> from a security perspective. Imagine the
amount of spam you'd get if Google allowed unauthenticated
localdomain relay for gmail.com.<br>
<br>
The other significant risk it exposes you to is targeted (spear)
phishing attacks. A 'Click this link' email supposedly originating
from @yourdomain.com has about a bazillion percent higher chance of
hitting than one from <a class="moz-txt-link-abbreviated" href="mailto:zomglol@hax0r.com">zomglol@hax0r.com</a>.<br>
<br>
AUTHENTICATED-RELAY / SPF ALL THE THINGS! =)<br>
<br>
<br>
<br>
T.<br>
</body>
</html>