i would say, that isn't totally correct.
If someone can send from extern, and with an account wich one is local stored, to someone who is also stored locally, it should be necesary to "auth" him, before he can send.
Or would you like, if i could impersonate my self as someone else?
i could send with your Account to someone else, i think thats not okey.
but if rfc doesn't handle this, could you please provide me some information how to force authentification for this?
thanks and best regards