On Thu June 16 2005 17:40, Robert A. Rosenberg wrote:
I have a question about the above statement. Why does submission of a
message warrant more stringent/secure authentication than just
reading incoming messages? IOW: If I must do authentication to the
POP/IMAP Server before being allowed to read the messages from the
server, why is this check not good/strong enough to allow me to
submit new messages based on passing the authentication check?
YMMV...
When I access a message via IMAP, the IMAP server that I access is
on a secure network (in fact, it is accessed via the loopback
interface...). When I send messages, they are (except for messages
to myself) necessarily sent over the Internet, which raises security
issues both for the client and server.
In the general case, downloading/accessing messages involves a
different administrative domain from sending (in particular, sending
involves the recipient's domain's MX hosts, whereas accessing one's
incoming mail involves only one's own mail service provider's host).
Again, YMMV.