Path: utzoo!attcan!uunet!husc6!cmcl2!nrl-cmf!mailrus!uflorida!gatech!ulysses!smb
From: smb@ulysses.homer.nj.att.com (Steven M. Bellovin)
Newsgroups: comp.protocols.tcp-ip
Subject: Re: anonymous messages
Message-ID: <10850@ulysses.homer.nj.att.com>
Date: 14 Nov 88 14:50:22 GMT
References: <8811072122.aa04460@ICS.UCI.EDU> <19432.595013634@paris.ics.uci.edu>
Organization: AT&T Bell Laboratories, Murray Hill
Lines: 17

In article <19432.595013634@paris.ics.uci.edu>, raj@PARIS.ICS.UCI.EDU writes:
> ... It seems to me as if we could solve this whole
> problem once and for all by simply requiring the originating port for SMTP
> deliveries to be a privileged port ( < 512 )....

> Well, what's wrong with this idea? I figure there has to be something wrong with
> it or else it would have been suggested long ago.

According to the spec, there's no such thing as a privileged or reserved
port. Berkeley has one, but (contrary to appearances) they do not define
TCP/IP...

More seriously, even if there were privileged ports defined, it still does
nothing against someone with a PC, for which the very concept of trusting
anything doesn't make sense.

If you're really concerned about mail-spoofing, the only real answer is to
use some sort of digital signature or end-to-end encryption.
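
An added example, not part of the original post: a receiver applying the proposed source-port rule beside a per-message authentication check, run over two constructed deliveries. The Delivery record, host names, key and messages are assumptions made for illustration, and HMAC-SHA256 stands in for a digital signature because the Python standard library has no public-key signing.

```python
import hashlib
import hmac
from dataclasses import dataclass

PORT_LIMIT = 512  # threshold quoted in the post


@dataclass
class Delivery:  # hypothetical record of one inbound SMTP delivery
    peer: str
    src_port: int
    mail_from: str
    body: bytes
    tag: bytes  # authentication tag carried with the message


def make_tag(key: bytes, mail_from: str, body: bytes) -> bytes:
    # Stand-in for a signature: binds the claimed sender to the body.
    msg = mail_from.encode() + b"\0" + body
    return hmac.new(key, msg, hashlib.sha256).digest()


def accept_by_port(d: Delivery) -> bool:
    # The proposed rule: trust whatever arrives from a low source port.
    # The receiver only sees a number chosen by the sending machine.
    return d.src_port < PORT_LIMIT


def accept_by_tag(d: Delivery, keys: dict) -> bool:
    # Accept only if the tag verifies under the claimed sender's key.
    key = keys.get(d.mail_from)
    if key is None:
        return False
    return hmac.compare_digest(make_tag(key, d.mail_from, d.body), d.tag)


def evaluate() -> list:
    # Constructed sample data.
    keys = {"alice@example.org": b"constructed-demo-key"}
    body = b"Meeting moved to 3pm."
    genuine = Delivery("unix-host", 400, "alice@example.org", body,
                       make_tag(keys["alice@example.org"], "alice@example.org", body))
    # A single-user PC can pick any source port; it has no key, so the tag is junk.
    forged = Delivery("single-user-pc", 400, "alice@example.org",
                      b"Meeting cancelled.", b"\0" * 32)
    return [(d.peer, accept_by_port(d), accept_by_tag(d, keys))
            for d in (genuine, forged)]


if __name__ == "__main__":
    for peer, by_port, by_tag in evaluate():
        print(f"{peer:15} port-rule={by_port} tag-check={by_tag}")
```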