At 17:21 21.05.04 +0200, you wrote:
>Friday, May 21, 2004, 5:14:30 PM, you wrote:
>EH> At 11:41 21.05.04 +0200, you wrote:
>>>In the OLD days, people were happy with SMTP-Auth. I consider it LESS
>>>security as SMTP after POP, because with SMTP-Auth, You sent Your
>>>e-mailadress and Your password of Your mailbox over the internet.
>>>When a man-in-the-middle catch this e-mail (or worse Your PW), he can
>>>use it for spam, or access Your mailbox.
>EH> This is only true for SMTP Authentication of type "plain" and "login".
>EH> With CRAM-MD5 its quite save.
>EH> Read: http://www.fehcom.de/qmail/smtpauth.html#FRAMEWORK
>Yes, it's 'quite' safe, but You still reveal Your e-mailadress.
>If there are many hops between Your workstation and the smtpserver,
>You can get some spam in return.
>More, Your mail is sent in plaintext. I prefer encrypted streams,
>so SUPP's patch which encrypts the stream with SSL, and authenticate
>afterwards (in plaintext) is still the best way to go, it's not a big
>effort to realize.
Pls. tell us how you intend to communicate to the rest of the world by
means of email with encrypted addresses.
You are joking, troll.
Dr. Erwin Hoffmann | FEHCom | http://www.fehcom.de/
Wiener Weg 8, 50858 Cologne | T: +49 221 484 4923 | F: ...24