14 Nov
2007
14 Nov
'07
8:35 p.m.
On 14.11.2007 21:30, Kyle Wheeler wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Wednesday, November 14 at 02:18 PM, quoth Steffen Kaiser:
On Wed, 14 Nov 2007, Ed W wrote:
Is TLS always performed BEFORE auth with generally available POP/IMAP clients?
The IMAP spec does not contain an identification of the client application to the server. There is no "HELO" as in SMTP.
And HELO in SMTP is entirely unreliable, unverifiable, and on many servers completely skippable.
RFC says you SHOULD use FQDN for HELO nothing more. But still you can add SPF record for your HELO so nobody can foged your server HELO, thats it.