Mark,
Your point of caution is very good. But that leads to one other question.
A lot of sites are very security conscious. For example, at
www.sourceforge.net, all CVS operations are using an SSH key. And of
course, there is the encrypted protocol with browsers for credit-card stuff,
etc.
But, in practice, has ANYBODY ever heard of a network sniff attack by a
spammer? Everyone complains that POP3 and FTP send passwords in the plain,
and an attack is possible, but has it ever been done?
It would be hard for me to imagine a spammer somewhere with access to the
right equipment positioned carrying the right traffic to intercept a POP3
transaction.
Does this ever happen in practice on the Internet? I know it is possible,
but is it done?
Dave.
> -----Original Message-----
> From: Mark [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, September 20, 2001 10:04 AM
> To: David T. Ashley
> Subject: Re: POP Before SMTP Question
>
>
> > I'm searching for a "POP before SMTP" solution for qmail.
> >
> I won't answer what others already have but I will warn you
> that you will probably want to run an ssl wrapped pop server
> or some other solution that encrypts pop passwords. Pop
> normally sends plain text passwords across the net which
> are very easy to sniff out. Once they have the login information
> a spammer would then be able to authenticate with your pop
> server and use your server as a relay.
>
>
>
>
