[Dovecot] Sending email over IMAP?

Marc Perkel marc at perkel.com
Thu May 4 19:24:21 EEST 2006


Les Mikesell wrote:
> On Thu, 2006-05-04 at 11:05, Marc Perkel wrote:
>   
>> I'm advocating for a change in the IMAP specification to allow outgoing 
>> email to be sent over the same connection as incoming rather that having 
>> to separately configure outgoing SMTP email. There are two significant 
>> advantages to this concept.
>>
>> 1) It would greatly simplify setup for clients as they would only have 
>> to configure one connection rather than two.
>>     
>
> Why would it be easier for a client to add a new sending method
> than to simply have an option to use the same credentials for
> smtp auth for sending.
>   
But - if it were part of IMAP then half of the setup goes away. Outgoing 
email configuration goes away.
>   
>> 2) Spam reduction by authentication. The sending of email over the same 
>> connection tells the server that the person who is the sender of the 
>> email also has demonstrated they have access to read the account. This 
>> would be a powerful whitelisting criteria for eliminating fake senders.
>>     
>
> Smtp auth already handles this.
>   
But - the incoming server and outgoing server can be and usually are 
different. I can send email spoofing anyone. But if I send through IMAP 
I would be showing the server that the person sending the email has 
access to read the email. This would be powerful as an authentication 
mechanism. With authenticated SMTP all you are says to the world is that 
you have some account somewhere that will accept your email, but not 
that you can read it. See the difference?
>   
>> So - my question. It seems that it would be easy to do this if there 
>> were a standard. Dovecot would merely hand incoming email off to the 
>> outgoing SMTP server. Besides the difficulty of getting a standard 
>> created, am I right on my assumptions?
>>     
>
> Most current MUA's already handle smtp authentication and
> ssl.  Why make things worse with yet another standard?
>   
Not making things worse with another standard, just convenient and it 
has the ability to demonstrate that the email came for the connection 
that read the email. Is simplification and identity verification.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://dovecot.org/pipermail/dovecot/attachments/20060504/4f053b96/attachment.htm


More information about the dovecot mailing list