Extended SMTP - SMTP-AUTH

SMTP-AUTH

The SMTP-AUTH extension provides an access control mechanism. It consists of an authentication step through which the client effectively logs in to the mail server during the process of sending mail. Servers that support SMTP-AUTH can usually be configured to require clients to use this extension, ensuring the true identity of the sender is known. The SMTP-AUTH extension is defined in RFC 4954.

SMTP-AUTH can be used to allow legitimate users to relay mail while denying relay service to unauthorized users, such as spammers. It does not necessarily guarantee the authenticity of either the SMTP envelope sender or the RFC 2822 "From:" header. For example, spoofing, in which one sender masquerades as someone else, is still possible with SMTP-AUTH unless the server is configured to restrict the from-addresses of a message to those the authenticated user is authorized to use.

The SMTP-AUTH extension also allows one mail server to indicate to another that the sender has been authenticated when relaying mail. In general this requires the recipient server to trust the sending server, meaning that this aspect of SMTP-AUTH is rarely used on the Internet. The recipient of an e-mail message cannot tell whether the sender was authenticated, so use of SMTP-AUTH is only a very partial solution to the problem of spam.

While SMTP-AUTH is a security improvement over unauthenticated SMTP, it will not eliminate all abuse. Common passwords can be guessed in a brute-force attack. Even a secure password can be stolen if a user's machine is infected with malware, for example through insecure web browsing. A good password policy and per-account rate limits on outgoing mail are two very effective countermeasures. Domains that implement these countermeasures for their outgoing mail servers will be much less tempting targets.
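As an added illustration that is not part of the original article, the following Python sketch shows the server side of the login step described above: it handles the SASL PLAIN mechanism from RFC 4954 and then applies the two controls the article mentions, binding MAIL FROM to addresses the authenticated account is authorized for and enforcing a per-account rate limit. The credential store, addresses, salt and limit are constructed sample values; a real server would keep these in a database and use a persistent counter.

```python
import base64
import hashlib
import hmac
from collections import defaultdict

# Constructed sample credential store: authcid -> (salted password hash, authorized envelope senders).
def _pw_hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"constructed-salt", 50_000)

USERS = {
    "alice@example.com": (_pw_hash("correct horse"), {"alice@example.com", "alice@example.net"}),
}
RATE_LIMIT = 3                      # constructed per-account limit on accepted MAIL FROM commands
_sent = defaultdict(int)            # authcid -> messages accepted so far

def encode_plain(authcid, passwd, authzid=""):
    """Build the PLAIN initial response a client sends: base64("[authzid]\\0authcid\\0passwd")."""
    return base64.b64encode(b"\0".join([authzid.encode(), authcid.encode(), passwd.encode()])).decode("ascii")

def parse_auth_plain(arg):
    """Decode a PLAIN initial response; return (authzid, authcid, passwd) or None if malformed."""
    try:
        raw = base64.b64decode(arg, validate=True)
    except Exception:
        return None
    parts = raw.split(b"\0")
    if len(parts) != 3:
        return None
    authzid, authcid, passwd = (p.decode("utf-8", "replace") for p in parts)
    return (authzid or authcid), authcid, passwd

def auth_plain(arg):
    """Server handling of 'AUTH PLAIN <arg>': returns (SMTP reply, authenticated user or None)."""
    parsed = parse_auth_plain(arg)
    if parsed is None:
        return "501 5.5.2 Cannot decode response", None
    authzid, authcid, passwd = parsed
    entry = USERS.get(authcid)
    expected = entry[0] if entry else _pw_hash("")   # hash even for unknown users to equalise timing
    if not hmac.compare_digest(expected, _pw_hash(passwd)) or entry is None or authzid != authcid:
        return "535 5.7.8 Authentication credentials invalid", None
    return "235 2.7.0 Authentication succeeded", authcid

def mail_from(authed_user, sender):
    """Server handling of 'MAIL FROM:<sender>' once AUTH has (or has not) completed."""
    if authed_user is None:
        return "530 5.7.0 Authentication required"
    if sender.lower() not in USERS[authed_user][1]:   # spoofing control from the text above
        return "550 5.7.1 Sender address not authorized for this account"
    if _sent[authed_user] >= RATE_LIMIT:              # per-account rate limit from the text above
        return "450 4.7.1 Per-account rate limit exceeded, try again later"
    _sent[authed_user] += 1
    return "250 2.1.0 OK"
```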
