<p>Congrats: you've just discovered <a href="http://en.wikipedia.org/wiki/Email_spoofing">email spoofing</a>! :)</p>
<p>SMTP does not perform authentication of the sort you imply that it should, e.g. verifying that someone is authorized to send mail from a certain domain -- so anyone with a machine who knows how to run <code>sendmail</code> can do this.</p>
<p>Most anti-spoofing measures rely on the owner of a domain (e.g. <code>microsoft.com</code>) doing something which amounts to authenticating whether a message is really from them. For example, they may list every domain they normally send mail from; that's roughly what <a href="http://en.wikipedia.org/wiki/Sender_Policy_Framework">Sender Policy Framework</a> does.</p>
<p>If the recipient's server gets a message purporting to be from microsoft.com, it can check to see if that domain lists the server that sent the message. If it doesn't, it will likely increase the probability that it's rated as spam.</p>
<p>This tip was originally posted on <a href="http://stackoverflow.com/questions/24190267/How%20is%20it%20okay%20for%20sendmail%20to%20send%20emails%20from%20any%20domain?/24190373">Stack Overflow</a>.</p>
Get New Tutorials Delivered to Your Inbox
New tutorials will be sent to your Inbox once a week.