William Astle wrote:
Marc Perkel wrote:
  
IMAP requires a password. SMTP it's optional. I think that consumer SMTP
should be replaced with not only something that requires a password, but
that the user has to log into the account that they are sending email
from. SMTP doesn't have to be tied to IMAP accounts. If you have an SMTP
account you can spoof anyone. My idea with IMAP sending is to deny the
ability of the sender to use a different email address that the one that
they are logged into. This is to prevent spam and spoofing.

    

I don't know what SMTP software you're using, but on my servers port 587
*requires* authentication and port 25 requires authentication in order
to relay mail. Of course, once authenticated, you can put anything you
want for sender address but that, too, can be prevented with a
reasonable MTA and correct configuration.

Basically, my point is that you can configure your SMTP server to
enforce whatever restrictions you want on the envelope or even the
headers. Just because you can configure it to be an open relay doesn't
mean you have to have it configured that way.

  
It does on mine as well. But I do not control the rest of the world. If everyone used this standard then spam would drop drastically.