On Thu, 2006-05-04 at 11:24, Marc Perkel wrote:
- It would greatly simplify setup for clients as they would only have to configure one connection rather than two.
Why would it be easier for a client to add a new sending method than to simply have an option to use the same credentials for smtp auth for sending.
But - if it were part of IMAP then half of the setup goes away. Outgoing email configuration goes away.
No it doesn't. The other options are going to go away even if this becomes another choice.
- Spam reduction by authentication. The sending of email over the same connection tells the server that the person who is the sender of the email also has demonstrated they have access to read the account. This would be a powerful whitelisting criteria for eliminating fake senders.
Smtp auth already handles this.
But - the incoming server and outgoing server can be and usually are different. I can send email spoofing anyone.
Again, adding another option doesn't change your ability to spoof through an existing smtp server that allows it. But smtp servers don't have to allow it now.
But if I send through IMAP I would be showing the server that the person sending the email has access to read the email.
What you are showing is that you know some user's password. The same thing you show in smtp auth.
This would be powerful as an authentication mechanism. With authenticated SMTP all you are says to the world is that you have some account somewhere that will accept your email, but not that you can read it. See the difference?
No, in many/most cases it is the same server or at least authenticating against the same login/password database.
Most current MUA's already handle smtp authentication and ssl. Why make things worse with yet another standard?
Not making things worse with another standard, just convenient and it has the ability to demonstrate that the email came for the connection that read the email.
It does make things worse because no client knows how to do it and there would be years of version confusion about which ones do/don't support it if it is added now.
Is simplification and identity verification.
It might have been if it had been done before smtp auth.
-- Les Mikesell lesmikesell@gmail.com