On Fri, November 3, 2006 1:36 pm, Marc Perkel wrote:
Jim Trigg wrote:
On Fri, November 3, 2006 12:09 pm, Marc Perkel wrote:
Gunter Ohrner wrote:
On Thursday, 2 November 2006 23:43, Marc Perkel wrote:
email. And the virus wouldn't have access to the IMAP password so
Why not?
Because the virus wouldn't have the password.
That doesn't answer the question. Why would the IMAP password be any less accessible to a virus than the SMTP password? (For that matter, what you just used was "proof by assertion" which is meaningless. "The virus wouldn't have access to the IMAP password because the virus wouldn't have the password.")
IMAP requires a password. For SMTP it's optional. I think that consumer SMTP should be replaced with not only something that requires a password, but that the user has to log into the account that they are sending email from. SMTP doesn't have to be tied to IMAP accounts. If you have an SMTP account you can spoof anyone. My idea with IMAP sending is to deny the ability of the sender to use a different email address than the one that they are logged into. This is to prevent spam and spoofing.
Sorry, I thought the whole discussion was IMAP-sending versus SMTP-AUTH. Any submission port that is using neither SMTP-AUTH nor pop/imap-before-smtp is not worth considering, and any that is using such effectively requires a password to send email. As for preventing spoofing, there are scenarios in which it is necessary (real-life case study available on request).
Jim
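
The sender restriction debated in this thread, as an added example that is not part of any message: a check at submission time that ties the envelope sender and the From header to the authenticated login, with an alias table for senders that legitimately use another address. The account names, the alias table, the function names and the rule of treating addresses case-insensitively are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed alias table (assumption): login -> extra addresses it may send as.
ALLOWED_ALIASES = {"alice@example.org": {"support@example.org"}}

def normalize(addr):
    """Lower-case an address; return '' unless it looks like local@domain."""
    addr = (addr or "").strip().lower()
    local, sep, domain = addr.rpartition("@")
    return addr if sep and local and domain else ""

def permitted_senders(login):
    """Addresses the authenticated login may use as sender."""
    login = normalize(login)
    allowed = {login} | {normalize(a) for a in ALLOWED_ALIASES.get(login, ())}
    allowed.discard("")
    return allowed

def check_submission(auth_login, mail_from, raw_message):
    """Return (accepted, reason) for one message offered for submission."""
    allowed = permitted_senders(auth_login)
    if not allowed:
        return False, "authentication required"
    if normalize(mail_from) not in allowed:
        return False, "envelope sender not owned by login"
    # A message with several From headers or addresses can display one
    # sender while passing a check on another, so require exactly one.
    from_headers = message_from_string(raw_message).get_all("From", [])
    addrs = getaddresses(from_headers)
    if len(from_headers) != 1 or len(addrs) != 1:
        return False, "exactly one From address required"
    if normalize(addrs[0][1]) not in allowed:
        return False, "From header not owned by login"
    return True, "ok"

# Constructed sample messages.
OWN = "From: Alice <alice@example.org>\nSubject: hi\n\nbody\n"
ALIAS = "From: Support <support@example.org>\nSubject: hi\n\nbody\n"
SPOOF = "From: Boss <ceo@example.org>\nSubject: pay this\n\nbody\n"
DOUBLE = "From: alice@example.org\nFrom: ceo@example.org\n\nbody\n"

if __name__ == "__main__":
    for name, sender, raw in [("own", "alice@example.org", OWN),
                              ("alias", "support@example.org", ALIAS),
                              ("spoof", "alice@example.org", SPOOF),
                              ("double", "alice@example.org", DOUBLE)]:
        print(name, check_submission("alice@example.org", sender, raw))
```

Checking only the envelope sender would let the SPOOF message through, since its envelope sender is the login's own address; the header check is what rejects it.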