From: "Logan Shaw" <[EMAIL PROTECTED]>
On Wed, 2 Aug 2006, Marc Perkel wrote:
If IMAP and POP were enhanced to allow outgoing email to be transferred back
up the same connection as incoming email it would have several advantages.
1. It would eliminate the need to configure outgoing SMTP. That makes
it easier for the consumer. It would also eliminate the need for
authenticated SMTP because IMAP/POP are already authenticated
protocols.
But they don't already exist. Authenticated SMTP does already exist.
So it's sort of an advantage (I really agree -- the configuration is
a tiny bit easier), but it also has a big disadvantage that common
e-mail clients don't have the capability to do this!
2. Viruses would not be able to send email because the outgoing email
connection, IMAP, will require a password to send email. The virus
won't have the password and won't be able to send.
Yeah, the virus won't have the password. Unless somebody comes up
with the idea of offering a "remember my password" checkbox on the
dialog that asks for the password. Then they will have the password.
Sniffers exist. Passwords are NOT the solution. They may evolve into
part of the problem.
Traffic analysis and slow downs for sending too many emails too
rapidly are part of the solution. Forcing authenticated SMTP submission
finishes the solution. The authenticated SMTP exists now. It has
password problems via simple sniffing. I wish Earthlink supported
SSL connections which can't be sniffed. That at least raises the
password ante a little. The slow down technology exists. Earthlink
claimed to be using it something like a decade ago. If the data
extracted from the slow down technology is used to simply shut off
accounts that are spewing, in real time, zombie spam would be materially
reduced. Automated submission of spewing addresses to Block Lists
from larger ISPs that can notice the patterns would also help everyone.
But mere passwords on unsecure protocols are no really big deal other
than it, theoretically, points to a specific machine that can be shut
down. (Since zombies share data it'll be a short time before this also
becomes mooted.)
There is no "solution" there is only measure and counter-measure as
both sides get better at what they want to do. Selling snake oil about
POP3 or IMAP email submission is just plain amateurish stupidity if it
is not driven by an ulterior motive.
{^_^}
