Marc Perkel wrote:
What I'm picturing, and I haven't figured out all the details, is that the IMAP server would also have an SMTP server associated with it and that the IMAP would hand outgoing email to the SMTP server. And that the SMTP server would have the alias information for that user account so it would be able to determine that the email address is real or a configured alias for that account. You do raise a good point.
I'm also am thinking about senders like Paypal and banks who are often spoofed. If the limited all their outbound email to sending over IMAP then they might be able to create a more secure sytem and because of their restrictiveness be able to somehow create a less spoofable more identifyable system.
Nope. They might use any method for their unbound mail, but as long as it goes to jkt@gentoo.org, the SMTP server of Gentoo will be responsible for final delivery to my account. It really can't take any stuff like "sent via IMAP" into consideration as those flags might be easily forged. The only attempt it can do is to check if the mail server that submitted the message in question is actually listed in the sender's domain's DNS information / DomainKey-Signature header. As a result, I wouldn't be able to receive this message as it was forwarded by talvi.dovecot.org...
I think the main advantage here isn't for people like us but for companies who are trying to avoid fraud. I think there will be other side benifits to it as well that will be discovered once it becomes popular.
Can't see any of them :)
So - I'm thinking that the convience factor, the ease of setup being the initial reason to do it and that once it's in place that other things will be discovered.
Ease of setup? Why? If you're a large company, you surely deploy preinstalled computers to your users. It really doesn't matter if you add one more item to the disk image.
Cheers, -jkt
-- cd /local/pub && more beer > /dev/mouth