← Back to context

Comment by zaptheimpaler

15 hours ago

I don't know much about email, but how would some random service send an email from my domain if I've never given it any auth tokens?

8 comments

zaptheimpaler

Reply
TheDong  13 hours ago

You don't need any auth to send an email from your domain, or in fact from any domain. Just set whatever `From` you want.

I've received many emails from `root@localhost` over the years.

Admittedly, most residential ISPs block all SMTP traffic, and other email servers are likely to drop it or mark it as spam, but there's no strict requirement for auth.

  • flexagoon  11 hours ago

    You can, but most email providers will immediately reject your email or put it into spam because of missing DKIM/DMARC/SPF

  • prmoustache  12 hours ago

    > Admittedly, most residential ISPs block all SMTP traffic, and other email servers are likely to drop it or mark it as spam, but there's no strict requirement for auth.

    Source? I've never seen that. Nobody could use their email provider of choice if that was the case.

    • namibj  12 hours ago

      They don't do DPI, they just look at the destination port. And that's why there's a separate port for submission to mail agents where such auth is expected and thus only outbound mail is typically even attempted to be submitted to. Technically local delivery mail too, e.g. where the From and the To headers are valid and have the same domain.

    • TheDong  11 hours ago

      The 3 most common ISPs in the US are Comcast, Spectrum, and AT&T

      Comcast blocks port 25: https://www.xfinity.com/support/articles/email-port-25-no-lo...

      AT&T says "port 25 may be blocked from customers with dynamically-assigned Internet Protocol addresses", which is the majority of customers https://about.att.com/sites/broadband/network

      What ISP are you using that isn't blocking port 25, and have you never had the misfortune of being stuck with comcast or AT&T as your only option?

      2 replies →

jraph  15 hours ago

It should not, but it's usual to configure random services to send mails to users, for instance for password resets, or for random notifications.

Another thing usually sending mails is cron, but that should only go to the admin(s).

Some services might also display the host name somewhere in their UI.