I have received complaints from people about NOT being able to spoof
Technical Support: "This is CompanyX, how can I help you?"
31337kiddi0t: "wHy c0m3 3ye c4nt sp0of?!$!*@"
With all of the different standards which tend to add confusion, too much
time seems to be going to waste drafting them while networks and
businesses suffer from what's currently in place. From my perspective,
if someone mentioned this to me via complaints, their account would be
cancelled immediately since there is no benefit to sending out spoofed
"But it's a pen test audit!" Even in situations where a security admin
needed to test certain elements, an aware admin would find a way to get
around doing what they had to do.
Blocking elements such as SMTP does have its place and I'm sure most know
this is not the "definitive" solution, nothing more than patchwork, but it
still has its advantages. The same way spammers can adapt, so should an
engineer be able to for those who would like to contest the notion that
one would be making "smarter idiots" who send spam and create malice.
I've been digging more into RFCs in hopes of learning more from a
technical perspective for my own sake and to date, all I've seen is more
or less patchwork. Instead of reinventing the wheel as the old saying
goes, sometimes a patch can get you moving on a flat tire. Sure it is a
temporary solution, but it is a solution.