On Fri, Sep 09, 2016 at 08:58:15PM +0100, Joe wrote:
> An email client connects to its SMTP smarthost using SMTP, so there's no
> way a given SMTP server can tell whether it's a client (MUA) or another
> SMTP server (MTA) trying to connect to it.

That's outdated information. SMTP is used to exchange messages between mail servers (MTAs), but a client submitting a new message to its designated relay may use the "Submission" protocol on port 587 instead. (Really old clients may still use SMTP.)

Relay control is a pretty important, nontrivial field. Some servers rely on an "SMTP AUTH" protocol that involves a username and password to authenticate the client.

A few may still use the old "POP before SMTP" hack, in which a client that performs an authenticated POP3 retrieval opens up permission to use SMTP for some time period. I don't know how widespread this practice still is; it's quite antiquated.

And of course some servers may simply whitelist their clients by IP address. This works extremely well in internal corporate settings, but very poorly if you have people working from home, on the road, etc. (I've seen the phrase "road warriors" used to refer to these clients.)

Internet service providers probably use some variant of this, magically knowing who their customers are by IP address. This is outside of my experience.

DJB proposed authenticating client emails by having them be PGP-signed, with the server holding the public keys necessary to validate the clients' signatures. I've never seen this actually implemented, though.

So, long story short, you have to get permission to use a given host as your mail submission/relay. And how you do that is up to the owner of that host.
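
The relay-control options described in the message above, modelled as one per-recipient decision. This is an added sketch, not part of the original post and not any mail server's own code. The class and function names, the networks, the local domain, the 15-minute POP window and the rule that port 587 always demands authentication are all assumptions chosen for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

# Constructed sample policy values (assumptions, not from the original post).
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # clients allowed by IP
LOCAL_DOMAINS = {"example.org"}                       # domains we deliver for
POP_WINDOW_SECONDS = 15 * 60                          # POP-before-SMTP lifetime


@dataclass
class RelayPolicy:
    # Maps client IP -> time (seconds) of its last authenticated POP3 login.
    pop_logins: dict = field(default_factory=dict)

    def record_pop_login(self, client_ip, now):
        self.pop_logins[client_ip] = now

    def decide(self, client_ip, rcpt_domain, port, authenticated, now):
        """Return (allowed, reason) for a single RCPT TO command."""
        # Submission port: only authenticated clients may hand over mail.
        if port == 587:
            return (True, "smtp-auth") if authenticated else (False, "auth-required")
        # Port 25, recipient is ours: ordinary MTA-to-MTA delivery, not relaying.
        if rcpt_domain.lower() in LOCAL_DOMAINS:
            return True, "local-delivery"
        # Everything below is relaying to a foreign domain and needs permission.
        if authenticated:
            return True, "smtp-auth"
        addr = ipaddress.ip_address(client_ip)
        if any(addr in net for net in INTERNAL_NETS):
            return True, "ip-allowlist"
        last = self.pop_logins.get(client_ip)
        if last is not None and 0 <= now - last <= POP_WINDOW_SECONDS:
            return True, "pop-before-smtp"
        return False, "relay-denied"


def demo():
    """Run a few constructed connections through the policy."""
    policy = RelayPolicy()
    policy.record_pop_login("198.51.100.9", now=1000)
    cases = [
        ("203.0.113.7", "example.org", 25, False, 0),     # foreign MTA, our domain
        ("203.0.113.7", "example.net", 25, False, 0),     # open-relay attempt
        ("10.1.2.3", "example.net", 25, False, 0),        # internal workstation
        ("198.51.100.9", "example.net", 25, False, 1060),  # inside POP window
        ("198.51.100.9", "example.net", 25, False, 1901),  # POP window expired
        ("203.0.113.7", "example.net", 587, True, 0),     # roaming client with AUTH
    ]
    return [policy.decide(*c) for c in cases]
```

The expired-window case shows why POP-before-SMTP is fragile: permission is tied to an address and a timer, so anyone who later holds that address inside the window inherits it.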