Eric Rostetter wrote:
Quoting Marc Perkel <marc@perkel.com>:
I'm advocating for a change in the IMAP specification to allow outgoing email to be sent over the same connection as incoming rather that having to separately configure outgoing SMTP email. There are two significant advantages to this concept.
And at least as many significant disadvantages. Such as?
- It would greatly simplify setup for clients as they would only have to configure one connection rather than two.
This is only true if they want to send via the same mechanism they receive from. Yes - and why wouldn't they want the simplification?
- Spam reduction by authentication. The sending of email over the same connection tells the server that the person who is the sender of the email also has demonstrated they have access to read the account. This would be a powerful whitelisting criteria for eliminating fake senders.
Most all MTA systems already allow authentication, so this buys you nothing. But it's a separate authentication. You can authenticate as anyone or you can find an unauthenticated server that serves that IP space. What I'm proposing ties the sending to the account of the receive showing the server that the same person who can read the email is sending the email.
I can spoof Bill Gates email address and send it. But I can't do that with this protocol.
So - my question. It seems that it would be easy to do this if there were a standard. Dovecot would merely hand incoming email off to the outgoing SMTP server. Besides the difficulty of getting a standard created, am I right on my assumptions?
I don't think it matters if it is easy or difficult to do, either in general or for any particular IMAP software. But it does matter that there is a standard. And a way to fall back in the client for those systems which pre-date the new standard.
I'm not suggesting that we eliminate the old standard but add another choice.