[Dovecot] Sending email using IMAP

Les Mikesell lesmikesell at gmail.com
Sat Nov 4 19:30:34 UTC 2006


On Fri, 2006-11-03 at 12:36, Marc Perkel wrote:

> IMAP requires a password. SMTP it's optional. I think that consumer
> SMTP should be replaced with not only something that requires a
> password, but that the user has to log into the account that they are
> sending email from. SMTP doesn't have to be tied to IMAP accounts. If
> you have an SMTP account you can spoof anyone. My idea with IMAP
> sending is to deny the ability of the sender to use a different email
> address that the one that they are logged into. This is to prevent
> spam and spoofing.

You are talking about implementation details, not protocols
here.  Assuming you could send over IMAP, why do you think
it would any more likely that spoofing would be blocked
by all implementations than with authenticated smtp or
that all accounts that accepted IMAP logins would be
valid sending addresses?

-- 
  Les Mikesell
   lesmikesell at gmail.com




More information about the dovecot mailing list