SMTP Authentication in Zend Framework

Question

Here's a scenario; I want to send email using PHP and Zend Framework. Here's an example on how this is usually done:

$smtp = new \Zend_Mail_Transport_Smtp(array(
    'host'=> 'localhost'
    , 'auth' => 'login'
    , 'ssl' => 'TLS'
    , 'username' => 'john'
    , 'password' => '123'));
\Zend_Mail::setDefaultTransport($smtp);
$mail = new \Zend_Mail();
$mail->addTo('jane.smith@localhost', 'Jane Smith');
$mail->setSubject('Greetings');
$mail->setBodyText('Hi there');
$mail->setFrom('john.smith@localhost', 'John Smith');
$mail->send();

My question is, how can we make sure that the from address (in this case 'john.smith@localhost') actually exists and it belongs to the username and password provided to SMTP connection? Because if it is not, then I can send email on behalf of anyone!

[UPDATE]

I believe I found a partial answer to my own question. It should be done through IMAP / POP3 protocols. But yet these two protocols take in a username and password in order to athenticate and so you can not check for the association between the provided username and an email address. So the question is how to authenticate an email address through IMAP / POP3 in PHP and Zend Framework?

Answer 1

SMTP does allow to send emails as anyone. This is why most security-oriented people promote the use of digital signatures.

Validation can be done by the SMTP itself. Gmail's SMTP will refuse to send emails with an address not attached to the account for example.