SMTP require all senders to be authenticated before accepting mail

Asked November 25, 2013, 1:13 AM EST

Why don’t SMTP servers just require all senders to be authenticated before accepting mail?

Outside United States technology computer security

1 Response

As this articles points out (http://serverfault.com/questions/557197/why-dont-smtp-servers-just-require-all-senders-to-be-authenticated-before-accep):

"SMTP is a "federated service". Every email system is self-contained but the federation (the collection of every SMTP server on the internet) can communicate with each other. The problem with such a large federation is that it has to work on trust; and spammers break that trust."

And this articles points out (https://workaround.org/ispmail/lenny/authenticated-smtp):


"a spammer could abuse your system to send millions of spam emails. This would waste your bandwidth, annoy many people and get your server blacklisted quickly. Such a relay that is not checking which emails to accept is called an "open relay"."

So to answer to "Why don’t SMTP servers just require all senders to be authenticated before accepting mail?" is a basic one, it would cost too much time and overhead to manage userids and passwords for each system.