On Friday 03 November 2006 13:00, Marc Perkel wrote:
IMAP requires a password. SMTP it's optional.
Not at the University of Minnesota. We require ESMTP STARTTLS/AUTH over the standard mail submission port (587).
OK - but the rest of the world varies from what the University of Minnesota does.
This is absurd. Any responsible mail server will require some form of control over the clients it allows to relay. If yours does not, please see http://www.ordb.org/submit/ .
Yes, you might choose to allow unauthenticated relaying for clients in netblocks under your direct control. But that is also reasonable, since when you get an abuse report you can immediately cut off the relaying client.
It's a well-established best practice now to require SMTP AUTH for relaying. Every mail server I have set up or currently administer is exactly like what Steven describes. ISTM that the U. of Minnesota is quite in the mainstream.
I think that consumer SMTP should be replaced with not only something that requires a password, but that the user has to log into the account that they are sending email from.
FWIW, I think it has been replaced. If I were to authenticate to send through GMX, they would not allow me to use a different sender address. Probably all major freemail providers, and many ISPs, are already doing this.
Not necessary -- configure your mail server to match your policy requirements.
Yes but it's optional. I've done it that way but others don't.
Everyone is (or should be, sigh) responsible for abuse that comes from their networks.
But with outgoing IMAP you wouldn't have to configure outgoing email at all.
You'd simply have to create a new standard and get most server and client software to implement it. Piece of cake. :)
But I think if we tightend up the spec some we could eliminate most spam.
Many talented people have worked tirelessly to find one, but alas,
there is no FUSSP in sight.
Offlist mail to this address is discarded unless
"/dev/rob0" or "not-spam" is in Subject: header