C-punks: While working on the SMTP and NNTP clients for the WinSock remailer, I have uncovered two questions I don't know the answer to. Here they are: 1. When sending a message to the SMTP server, I use scenario 4 as shown in RFC821 as a basis for my client. There seems to be a huge security hole in SMTP. I can use just about any name when sending the VRFY command. For example, I could connect to "sensemedia.com" and pretend to be "tcmay". Is there something I'm missing here or is there really that big a security hole in SMTP? 2. How do you do user authentication in NNTP? There's nothing about it RFC977. Is there a later RFC that describes how to do user authentication? All of my newsreaders support this function, but I haven't been able to figure out how to do it. Any help you can give me would be appreciated. ObWinSock Remailer: I have the POP3, NNTP and SMTP clients functional now. With luck, I'll have an alpha test version of the remailer in two or three weeks. ObCypherPunks: Is the list down? I haven't heard a peep since about noon. I send a "who cypherpunks" to majordomo and received a quick reply which shows I'm still subscribed. Any idea? Regards, -- Joey Grasty jgrasty@gate.net [home -- encryption, privacy, RKBA and other hopeless causes] jgrasty@pts.mot.com [work -- designing pagers] "Anyone who considers arithmetical methods of producing random digits is, of course, in a state of sin." -- John Von Neumann