On Oct 9, 2007, at 4:22 PM, Chris Edwards wrote:
Of course the best solution is for clients to always submit on port
465/587,
and hope that's allowed out by the hotels / mobile connectivity
providers.
Fairly often not. I've been lucky with T-Mobile, but Sprint and
Verizon apparently block it randomly. East coast t-mobile users have
had problems with blocking.
Your server then enforces encryption and SMTP-AUTH, and the SSL will
(hopefully) defeat any man-in-the-middle attacks by trans-proxies.
That's exactly the problem I am reporting. A lot of mail clients
don't enforce SSL connections, so man in the middle is silently
accepted. Only T-bird can be configured to not work any other way,
TTBOMK.
And this is irrelevant for proprietary systems like Crackberry which
use only their own servers, and Verizon which has modified software
to use their own servers, etc etc.
As more and more people do more and more of their e-mail from hand-
held devices, this problem only gets worse.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
