End of the road for SMTP?

[Julio Franco]

The protocol that has defined e-mail for more than two decades may have a fatal flaw: It trusts you.

SMTP makes that assumption because it doesn't suspect that you're sending a Trojan horse virus, that you're making fraudulent pleas for money from the relations of deposed African dictators, or that you're hijacking somebody else's computer to send tens of millions of ads for herbal Viagra.

Read more: CNet News.

 

[Phantasm66]

SMTP is wide open. You can telnet to the SMTP port on a any server that's running it and without a password start to tell it what to do. You can spoof e-mail messages from any source address you like, and with some work you can spoof the originating IP address as well.

The fact that it is so wide open is, as Julio has pointed out, responsible for a lot of spam on the net. If we got rid of SMTP, things would improve.

 

[Phantasm66]

Same goes for FTP and PAP. These things were invented when the internet was a much smaller and more trustworthy place. If it had remained in the hands of scientists, academics and technicians then it would have been fine. But now the internet is exposed to untrusted parties. Anything that's not secure is rubbish.