Does it matter which email address Thunderbird uses to authenticate outgoing mail?

0

I have a domain with several addresses (e.g. 1@a.com 2@a.com 3@a.com ....) and I noticed that on the main settings dialog for all of them, the setting on the bottom - Outgoing Server (SMTP) - is the same. When I click on Edit SMTP Server next to it, I'm shown on the bottom - User name for Security and Authentication is indeed the same for all accounts (e.g. it's 1@a.com even for 2@a.com).

Is there any problem with that and I should create a new outgoing connection for each email address authenticating with its own username, or is it fine to leave it this way?

(I'm using a web hosting company to host the email, if that matters.)

ispiro

Posted 2019-03-24T21:22:33.203

Reputation: 1 259

Does it work the way you want? If so, don't "fix" it. :-) Those look like aliases. Do the messages go out with the correct alias? – fixer1234 – 2019-03-24T21:33:17.950

@fixer1234 I think they're sent correctly. I don't know what's might be hiding and waiting to create a problem. As for aliases - I'm not sure what you mean, they are completely separate addresses with their own folders etc. and they can all send and receive emails. There is no alias in DNS if that's what you mean. I set the DNS myself. It just points to the web host's servers. (MX. And an IP for the rest.) – ispiro – 2019-03-24T21:38:06.900

1Send yourself emails from each address and see if they arrive showing the correct origin addresses. My reference to aliases: are these totally separate accounts or does the service provider offer multiple addresses on the same account? The latter was what I was referring to as aliases. In that case, it's common for account "business", like billing or authentication, to be internally tied to the "core" address on the account, but messages show different outgoing addresses. – fixer1234 – 2019-03-24T22:24:18.180

1@fixer1234 this test is flawed because (a) it is not a good way to verify SMTP is allowing the message through as it could accept on recipient as well, and (b) The post strongly implies these are individual addresses at the domain. – davidgo – 2019-03-25T00:59:25.593

Answers

1

This will depend on your providers setup so no one can comment definitively, but this should work in practice (but can't be 100% guaranteed by anyone other then the mail provider), provided that the users are all "@a.com" -in reality use a domain name recognized by the mail server and do not have SPF or similar records precluding that server being used.

SMTP authentication is done to prevent some kinds of spam, ie prevent abuse of mail servers not associated with sender or receiver from being used to send spam. Thus what is generally of interest to the mail server provider is some kind of audit trail/control of who used the server, which can be done by verifying a mail account associated with the user.

While I have no doubt it is possible to lock this down further (ie by matching sender to email from address), this would prove problematic in practice, because you need to take into account aliases and role accounts, and I expect there would be little value in return for a lot of extra processing overhead, not to mention support headaches.

FWIW, I run a fairly common mailserver setup based on Postfix, Dovecot and various spam, virus and reputation plugins, and my server - which I expect is broadly indicative of common practice - will allow any validated user to send email.

davidgo

Posted 2019-03-24T21:22:33.203

Reputation: 49 152

Asked: 2019-03-24T21:22:33.203

Viewed: 29 times

Active: 2019-03-25T00:55:59.103