[Top] [All Lists]


2011-05-31 23:17:48

The place it might have value would be high traffic webmail
servers, where a single application serves a large number of
users. The ability to keep a connection pool open might be
helpful. TCP setup and teardown isn't that expensive compared
to authentication, but TLS setup might be.

Seems to me that RFC 4954 provides the the AUTH=mailbox parameter
on MAIL FROM for just this scenario.

AUTH= is the correct mechanism if there's an overarching authorizing
relationship, that is, the server supports some sort of authentication that
authorizes the client to use some set of AUTH= values.

But the AUTH= mechanism isn't useful for ad-hoc send-on-behalf-of systems. The
necessary relationship to make it work isn't there.

Another issue with AUTH is that the specification really doesn't nail down the
semantics sufficiently to insure interoperability, but that's really a separate
issue for another day.