At 06:59 PM 3/9/2000 -0800, Doug Royer wrote: >The reason that I think that, is that >may MTA's do not allow VRFY or EXPN, they return unimplemented. >I would suspect the same for UPNEXPAND. Many will NOT want >to give out membership lists to spammers. And I do not see >any benifit for UPNEXPAND - other than debugging. And >it would not be used from a CUA, or at least it would not >be reliable from a CUA as it can be turned off at the CS.
An MTA that returns unimplemented for VRFY is in technical violation of the SMTP specification.
SMTP is unauthenticated, CAP is not. A CS could have authorizations that determine which users are allowed to use UPNEXPAND.
On the contrary, SMTP has authentication facilities. They are optional but they are there. In fact deployment of them is happening pretty rapidly as they are often used as part of a spam control strategy. And they can be used to enable/disable use of EXPN.