[Top] [All Lists]

Re: request discussion of two documents on SMTP relaying

2005-06-16 16:22:48

On Thu June 16 2005 17:40, Robert A. Rosenberg wrote:

I have a question about the above statement. Why does submission of a 
message warrant more stringent/secure authentication than just 
reading incoming messages? IOW: If I must do authentication to the 
POP/IMAP Server before being allowed to read the messages from the 
server, why is this check not good/strong enough to allow me to 
submit new messages based on passing the authentication check?


When I access a message via IMAP, the IMAP server that I access is
on a secure network (in fact, it is accessed via the loopback
interface...).  When I send messages, they are (except for messages
to myself) necessarily sent over the Internet, which raises security
issues both for the client and server.

In the general case, downloading/accessing messages involves a
different administrative domain from sending (in particular, sending
involves the recipient's domain's MX hosts, whereas accessing one's
incoming mail involves only one's own mail service provider's host).

Again, YMMV.

<Prev in Thread] Current Thread [Next in Thread>