On 14.11.2007 21:30, Kyle Wheeler wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Wednesday, November 14 at 02:18 PM, quoth Steffen Kaiser:
On Wed, 14 Nov 2007, Ed W wrote:
Is TLS always performed BEFORE auth with generally available POP/IMAP
clients?
The IMAP spec does not contain an identification of the client application
to the server. There is no "HELO" as in SMTP.
And HELO in SMTP is entirely unreliable, unverifiable, and on many
servers completely skippable.
RFC says you SHOULD use FQDN for HELO nothing more. But still you can
add SPF record for your HELO so nobody can foged your server HELO, thats it.
