POP-before-SMTP, OTOH, is very common, and that makes POP authentication
very relevant indeed. POP-before-SMTP also carries with it an additional,
unique set of security risks. Do we need to document them as well?
The purpose of the spamops specification is to get operators to use certain,
strategic procedures.
With respect to authentication, it cites some techniques, but is not intended
to
discuss them in depth. In other words, the document really does try to avoid
the slippery slope of debating nuances about different authentication methods.
Such a debate seems a sure way to distract the document from it's primary
goal, as well as to delay its publication indefinitely.
d/
---
Dave Crocker
Brandenburg InternetWorking
+1.408.246.8253
dcrocker a t ...
WE'VE MOVED to: www.bbiw.net