[Dovecot] Sending email over IMAP?

Eric Rostetter rostetter at mail.utexas.edu
Thu May 4 19:41:07 EEST 2006


Quoting Marc Perkel <marc at perkel.com>:

> But - if it were part of IMAP then half of the setup goes away.
> Outgoing email configuration goes away.

Only for those who have new clients and servers implementing the new
standard (those will old need to do it the old way).  And even then,
only for those who send their e-mail through the same machine as they
read it.  And then, only if they only use one email address and not
multiple email addresses...

>> Smtp auth already handles this.
>>
> But - the incoming server and outgoing server can be and usually are
> different.

That is irrelevent.

> I can send email spoofing anyone. But if I send through IMAP
> I would be showing the server that the person sending the email has
> access to read the email.

SMTP Auth can show this exact same thing, but in neither case does it
stop spoofing.

> This would be powerful as an authentication
> mechanism.

No more powerful than SMTP Auth where it uses the same credentials as
IMAP.

> With authenticated SMTP all you are says to the world is
> that you have some account somewhere that will accept your email, but
> not that you can read it. See the difference?

SMTP Auth can be configured exactly as you want.  And even so, it doesn't
stop spoofing.

> Not making things worse with another standard, just convenient and it
> has the ability to demonstrate that the email came for the connection
> that read the email. Is simplification and identity verification.

No.  It does not in any way stop spoofing just by authenticating.  You
would need much more to do that.  And if you want to do that, why not
just add that to the SMTP Auth standards?

-- 
Eric Rostetter
The Department of Physics
The University of Texas at Austin

Go Longhorns!


More information about the dovecot mailing list