There's a show stopper for MD5 passwords that is CRAM-MD5 SMTP authentication. This algo need the real password to work and this will make all You to ask Your clients to reconfigure their MUAs. I think this is not acceptable coz most MUA uses CRAM-MD5 when available ( for security reasons ). Since I know that ISP are never happy to deal with customers phone calls I'll stop this thread soon. So, as I said in the previous email, the way XMail deal with password is outstanding :) - Davide
