Who can authenticate an email

What is SMTP Authentication? Secure emails against spam

The point behind SMTP-Auth is to prevent a SMTP serveris misused as an "open mail relay"to spread spam across the network. The need for this procedure is due to the inherent properties of the original SMTP from 1982, which did not provide for user authentication by default. For this reason, open mail relays were the norm until around 1997 - that is, mail servers that forward every email, regardless of the sender address and the recipient address. What seems absurd from today's perspective had good reasons back then: system errors and server failures occurred more frequently, which is why open mail relays should maintain traffic in an emergency.

However, this grew out of the widespread use of such unprotected relays Problem of the flood of spam. Morally questionable advertisers as well as malicious criminals (above all the notorious "spam king" Sanford "Spamford" Wallace with his company Cyberpromo) used the open servers by means of stolen or invented e-mail addresses to distribute spam (this practice is called "Mail spoofing").

Since the servers did not have any additional authentication mechanisms at the time, they accepted the spam emails without hesitation and fed them into the network. By using third-party hardware, the spammers saved their own resources and could not be traced. Furthermore, the constant change of fake addressesTo bypass spam filters. Various countermeasures have been developed to solve the problem of open mail relays - first SMTP-After-POP, then in 1995 ESMTP and ASMTP. With success: The number of open mail relays shrank from several hundred thousand to a tiny fraction by 2005/06.

Although the situation is no longer as critical as it was back then, spammers are still doing it, according to the international non-profit organization Spamhaus 10 to 20 new open servers per day located in the network. Sometimes they are the result of the recklessness of inexperienced administrators who temporarily open their server for testing purposes. According to Spamhaus, the problem is more often with badly configured or cracked firewalls and external security applications - So not necessarily with the server configuration per se, as is often the case with small regional companies. If an application lets a spam mail through, it is passed on via a local SMTP connection with the IP address of the respective application to the server, which then treats it as trustworthy. In addition, more and more spammers are using Botnets from "zombified" home computers as relays.

Now it is the case that open mail relays instrumentalized for spam are usually identified as such after a few days or even hours and then on so-called Blacklists land. As a result, even legitimate e-mails end up in the recipient's spam filter, so that the operator of a mail server first has to close the security gap and then try to delete it from the list in order to be able to operate normally again. Spammers not only generate high traffic at the expense of their hardware speed; their battered reputation and the additional time required also cost money.

It is precisely for this reason that almost all use mail servers these days ESMTP in conjunction with ASMTP. So you always require authentication in advance of using your e-mail service. An optimally configured SMTP relay (also known as a “smart host”) is a server that only forwards e-mails from senders to third parties if it is responsible for both parties. In plain language: Incoming mails are only sent to registered users, and outgoing mails only come from registered users or those who are authorized to use the mail server.