
9. Security Considerations

Separation of submission and relay of messages allows a site to implement different policies for the two types of services, including requiring use of additional security mechanisms for one or both. It can do this in a way which is simpler, both technically and administratively. This increases the likelihood that policies will be applied correctly.

Separation also can aid in tracking and preventing unsolicited bulk email.

For example, a site could configure its mail servers such that the MSA requires authentication before accepting a message, and the MTA rejects all RCPT commands for non-local users. This can be an important element in a site's total email security policy.
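The split policy in the example above, modelled as a small command handler. This is an added illustration, not part of the original text: the MSA refuses MAIL with reply code 530 until AUTH succeeds, and the MTA refuses RCPT for non-local domains. The domain set, the credential token, the reply wording and the use of 502 for AUTH on the relay service are assumptions made for the example.

```python
from dataclasses import dataclass

LOCAL_DOMAINS = {"example.org"}   # constructed: domains this site accepts mail for
VALID_TOKENS = {"TOKEN"}          # constructed stand-in for a real credential check

@dataclass
class Session:
    role: str                     # "msa" (submission) or "mta" (relay)
    authenticated: bool = False
    have_mail: bool = False

def _domain(path: str) -> str:
    """Return the lowercased domain of an address such as '<user@domain>'."""
    return path.strip().strip("<>").rpartition("@")[2].lower()

def handle(s: Session, line: str) -> str:
    """Return the reply to one command line under the split policy."""
    verb, _, arg = line.strip().partition(" ")
    verb = verb.upper()
    if verb == "AUTH":
        if s.role != "msa":       # model choice: the relay service offers no AUTH
            return "502 5.5.1 AUTH not offered by this service"
        parts = arg.split()
        s.authenticated = (len(parts) == 2 and parts[0].upper() == "PLAIN"
                           and parts[1] in VALID_TOKENS)
        if s.authenticated:
            return "235 2.7.0 Authentication successful"
        return "535 5.7.8 Authentication credentials invalid"
    if verb == "MAIL":
        # MSA policy: no message is accepted from an unauthenticated session.
        if s.role == "msa" and not s.authenticated:
            return "530 5.7.0 Authentication required"
        s.have_mail = True
        return "250 2.1.0 OK"
    if verb == "RCPT":
        if not s.have_mail:
            return "503 5.5.1 MAIL first"
        # MTA policy: accept only recipients in domains this site hosts.
        if s.role == "mta" and _domain(arg.partition(":")[2]) not in LOCAL_DOMAINS:
            return "550 5.7.1 Relaying denied"
        return "250 2.1.5 OK"
    return "500 5.5.2 Command not recognized"

def run(role: str, lines: list) -> list:
    """Feed a constructed session to one service; return the reply codes."""
    s = Session(role)
    return [handle(s, line)[:3] for line in lines]
```

With both rules in place, neither service accepts mail for a non-local recipient from an unauthenticated session, which is the open use of resources described in the next paragraph.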

If a site fails to require any form of authorization for message submissions (see section 3.3 for discussion), it is allowing open use of its resources and name; unsolicited bulk email can be injected using its facilities.

Section 3 includes further discussion of issues with some authentication methods.

Section 5.2 includes a cautionary note that unlimited logging can enable certain forms of denial of service attacks.