Quoting Marc Perkel <marc@perkel.com>:
But - if it were part of IMAP then half of the setup goes away. Outgoing email configuration goes away.
Only for those who have new clients and servers implementing the new standard (those with old ones will need to do it the old way). And even then, only for those who send their e-mail through the same machine as they read it. And then, only if they only use one email address and not multiple email addresses...
Smtp auth already handles this.
But - the incoming server and outgoing server can be and usually are different.
That is irrelevant.
I can send email spoofing anyone. But if I send through IMAP I would be showing the server that the person sending the email has access to read the email.
SMTP Auth can show this exact same thing, but in neither case does it stop spoofing.
This would be powerful as an authentication mechanism.
No more powerful than SMTP Auth where it uses the same credentials as IMAP.
With authenticated SMTP all you are saying to the world is that you have some account somewhere that will accept your email, but not that you can read it. See the difference?
SMTP Auth can be configured exactly as you want. And even so, it doesn't stop spoofing.
Not making things worse with another standard, just convenient and it has the ability to demonstrate that the email came from the connection that read the email. It is simplification and identity verification.
No. It does not in any way stop spoofing just by authenticating. You would need much more to do that. And if you want to do that, why not just add that to the SMTP Auth standards?
--
Eric Rostetter
The Department of Physics
The University of Texas at Austin
Go Longhorns!
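
Added example, not part of the original message: the thread's point that an authenticated session does not by itself stop spoofing, shown as two submission-time policies run over the same constructed messages. The ownership table, function names, logins and sample messages are all assumptions made for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed table: authenticated login -> addresses it may send as.
# A login can own several addresses (the multiple-address case in the thread).
OWNED = {
    "alice": {"alice@example.org", "sales@example.org"},
    "bob": {"bob@example.org"},
}

def auth_only(login, mail_from, raw_message):
    """Accept anything from an authenticated session (authentication alone)."""
    return login in OWNED

def sender_bound(login, mail_from, raw_message):
    """Accept only if the envelope sender and every From: address belong
    to the authenticated login."""
    owned = OWNED.get(login)
    if not owned:
        return False
    msg = message_from_string(raw_message)
    claimed = [addr.lower()
               for _, addr in getaddresses(msg.get_all("From", []))]
    if not claimed or mail_from.lower() not in owned:
        return False
    return all(addr in owned for addr in claimed)

# Constructed sample submissions: (login, envelope MAIL FROM, message).
OWN_ADDRESS = ("alice", "sales@example.org",
               "From: Sales <sales@example.org>\nSubject: quote\n\nhello\n")
SPOOFED_HEADER = ("bob", "bob@example.org",
                  "From: Alice <alice@example.org>\nSubject: hi\n\nhello\n")
SPOOFED_ENVELOPE = ("bob", "alice@example.org",
                    "From: Bob <bob@example.org>\nSubject: hi\n\nhello\n")

def evaluate(policy):
    """Return the policy's verdict for each constructed submission."""
    return [policy(*s) for s in (OWN_ADDRESS, SPOOFED_HEADER, SPOOFED_ENVELOPE)]

if __name__ == "__main__":
    print("auth only   :", evaluate(auth_only))
    print("sender bound:", evaluate(sender_bound))
```

The second policy only constrains sessions on the server that enforces it; it says nothing about mail submitted through other servers.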