SMTP server security loophole

Hello

I have been testing this and it seems that if someone uses mail.mydomain.com as their SMTP server, they will be able to send email through my mail server. They don't even need the password for it. Has anyone else noticed this or I am making a mistake?

If this is so, it is a major security loophole and anyone can use anyone else's mail servers for spamming and get away with it.

Can anyone clarify my confusion?

Thanks

 

 

 

 

Top