Old 10 Oct 2021, 02:20 PM   #31
BritTim
Quote:
Many years ago one of FastMail's C*Os (there were two people at FastMail back then: Jeremy Howard and Rob Mueller, so it must have been one of them) explained here in the forum why there's no need for FastMail to prevent this scenario, that is to restrict what's on the From header (and envelope header). The reason given was that anyone can send as janitor#company.com from practically anywhere, using an email client or telnet to port 26 at company.com's MX server.
15 years ago, even 10 years ago, this was a legitimate argument. At the time, commonly adopted standards had no protection against email spoofing. The adoption by most serious email services of standards like DMARC has altered the equation. Just firing up an SMTP client from a random PC and firing off spam to a company MX server will rarely work today. However, large email services, like Gmail and Fastmail, should still verify sending identities in many situations as it is very possible that email from Fastmail is permissible, but only from one or more specific accounts (something DMARC cannot validate).
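The distinction drawn in the post above, as an added example that is not part of the original post or any provider's code: the receiver's DMARC check sees only domain-level evidence, so only a per-account check at submission time can tell two accounts at the same provider apart. The domains, account names, identity table and the two-label organizational-domain shortcut are all assumptions made for illustration.

```python
from email.utils import parseaddr

def org_domain(domain):
    # Assumption: the last two labels stand in for a Public Suffix List lookup.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def dmarc_pass(header_from, spf_pass, mail_from_domain, dkim_pass, dkim_d):
    """Receiver-side DMARC, relaxed alignment: SPF or DKIM must pass AND align."""
    from_dom = org_domain(parseaddr(header_from)[1].rpartition("@")[2])
    spf_ok = spf_pass and org_domain(mail_from_domain) == from_dom
    dkim_ok = dkim_pass and org_domain(dkim_d) == from_dom
    return spf_ok or dkim_ok

# Constructed provider-side table: the From addresses each authenticated
# account has verified and may send as.
SENDING_IDENTITIES = {
    "alice@provider.example": {"alice@provider.example", "janitor@company.example"},
    "mallory@provider.example": {"mallory@provider.example"},
}

def submission_allowed(auth_account, header_from, identities=SENDING_IDENTITIES):
    """Provider-side check at submission: may this login use this From address?"""
    addr = parseaddr(header_from)[1].lower()
    return addr in identities.get(auth_account.lower(), set())

def evaluate(auth_account, header_from):
    """Return (provider_allows, receiver_dmarc_pass) for a message submitted
    through the provider."""
    # Assumption: company.example delegated DKIM signing to the provider, and
    # the provider signs with d=<From domain> for every submitted message.
    from_dom = parseaddr(header_from)[1].rpartition("@")[2]
    receiver = dmarc_pass(header_from,
                          spf_pass=True, mail_from_domain="bounce.provider.example",
                          dkim_pass=True, dkim_d=from_dom)
    return submission_allowed(auth_account, header_from), receiver

if __name__ == "__main__":
    for account in ("alice@provider.example", "mallory@provider.example"):
        print(account, evaluate(account, "Janitor <janitor@company.example>"))
    # A host with no aligned SPF or DKIM result fails DMARC at the receiver.
    print(dmarc_pass("janitor@company.example", True, "random-pc.example", False, ""))
```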