[Dovecot] Sending email using IMAP

Magnus Holmgren holmgren at lysator.liu.se
Fri Nov 3 20:03:47 UTC 2006


On Friday 03 November 2006 19:36, Marc Perkel took the opportunity to say:
> IMAP requires a password. SMTP it's optional. I think that consumer SMTP
> should be replaced with not only something that requires a password, but
> that the user has to log into the account that they are sending email
> from. SMTP doesn't have to be tied to IMAP accounts. If you have an SMTP
> account you can spoof anyone. My idea with IMAP sending is to deny the
> ability of the sender to use a different email address that the one that
> they are logged into. This is to prevent spam and spoofing.

You never give up, do you? Every time you propose submission by IMAP many 
people tell you that there is no fundamental difference between that and 
authenticated SMTP. Every ISP in the world, including the large-scale 
spammers who act as ISPs themselves, would have to employ suitable policies 
to avoid transmitting spoofed email. SMTP will still be used to transmit the 
mail to its destinations. Real authenticity is achieved using digital 
signatures, e.g. DKIM, in combination with SPF and your personal trust 
preferences. For example, GMail allows their users to send mail from any 
email address they can demonstrate that they own. That's good, that's what 
yoy want, and it is completely unrelated to IMAP.

-- 
Magnus Holmgren        holmgren at lysator.liu.se
                       (No Cc of list mail needed, thanks)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://dovecot.org/pipermail/dovecot/attachments/20061103/f3408fe4/attachment.pgp 


More information about the dovecot mailing list