Jan Kundrát wrote:
Marc Perkel wrote:
  
I can spoof Bill Gates email address and send it. But I can't do that
with this protocol.
    

You haven't answered my question I asked in the first response in this
thread. Your proposal specifies that the first server on the way would
know if you're allowed to send email for one particular account (that
won't work anyway, think about the aliases etc, there's really no way to
know "what e-mail addresses is this guy allowed to receive" for an IMAP
server). What about other servers through which the message will have to
travel?

Cheers,
-jkt

  

What I'm picturing, and I haven't figured out all the details, is that the IMAP server would also have an SMTP server associated with it and that the IMAP would hand outgoing email to the SMTP server. And that the SMTP server would have the alias information for that user account so it would be able to determine that the email address is real or a configured alias for that account. You do raise a good point.

I'm also thinking about senders like Paypal and banks who are often spoofed. If they limited all their outbound email to sending over IMAP then they might be able to create a more secure system and, because of their restrictiveness, be able to somehow create a less spoofable, more identifiable system.

I think the main advantage here isn't for people like us but for companies who are trying to avoid fraud. I think there will be other side benefits to it as well that will be discovered once it becomes popular. So - I'm thinking that the convenience factor, the ease of setup being the initial reason to do it and that once it's in place that other things will be discovered.

I don't have all the answers, but my gut tells me this is a good idea.
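
The alias check described in the reply above, sketched as an added example that is not part of the original thread and not code from any mail server: the submission side accepts a message only if its single From address belongs to the authenticated account. The alias table, account names, addresses and the `check_sender` and `normalize` helpers are all assumptions made for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed alias table (assumption): login account -> addresses it may send as.
ALIASES = {
    "marc": {"marc@example.org", "sales@example.org"},
    "jan": {"jkt@example.net"},
}

def normalize(addr):
    """Lower-case an address for comparison; None if it is not local@domain.
    Treating the local part as case-insensitive is an assumption of this sketch."""
    local, sep, domain = addr.strip().rpartition("@")
    if not sep or not local or not domain:
        return None
    return f"{local.lower()}@{domain.lower()}"

def check_sender(account, raw_message, aliases=ALIASES):
    """Return (allowed, detail) for a message handed over by an authenticated account."""
    allowed = aliases.get(account)
    if not allowed:
        return False, "unknown account"
    headers = message_from_string(raw_message).get_all("From", [])
    if len(headers) != 1:
        return False, "need exactly one From header"
    addrs = getaddresses(headers)
    if len(addrs) != 1:
        return False, "need exactly one From address"
    # Compare the address itself, never the display name, which the client controls.
    addr = normalize(addrs[0][1])
    if addr is None:
        return False, "unparseable From address"
    if addr not in allowed:
        return False, f"{addr} is not an address of account {account}"
    return True, addr

# Constructed sample messages.
OWN_ALIAS = "From: Sales <Sales@Example.ORG>\nSubject: invoice\n\nhello\n"
SPOOFED = 'From: "marc@example.org" <billg@example.com>\nSubject: hi\n\nhello\n'
TWO_FROM = "From: marc@example.org, billg@example.com\nSubject: hi\n\nhello\n"

if __name__ == "__main__":
    for name, raw in [("own alias", OWN_ALIAS), ("spoofed", SPOOFED), ("two From", TWO_FROM)]:
        print(name, check_sender("marc", raw))
```

The check runs only where the account is authenticated, so it covers the first hop and nothing after it.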