At 11:17 -0400 on 06/16/2005, Keith Moore wrote about Re: request
discussion of two documents on SMTP relaying:
It seems likely that there will be some set of people who want to claim
that POP-before-SMTP is a good way to authenticate originators. So if
it's not a good way to do that, we should probably say so. Similar
logic would apply in the case of XTND XMIT. Though I hope that we
don't find too many more ways that people are currently doing
authenticated message submission.
I have a question about the above statement. Why does submission of a
message warrant more stringent/secure authentication than just
reading incoming messages? IOW: If I must do authentication to the
POP/IMAP Server before being allowed to read the messages from the
server, why is this check not good/strong enough to allow me to
submit new messages based on passing the authentication check?