p.s. I suspect ietf-smtp doesn't want to dig down into details of how
IoT devices should authenticate submissions - at least not just yet -
and such a topic might be better discussed in a working group that's
specifically tailored to that purpose. For now I just want people to
realize that some long-held assumptions may not be universlaly valid.
On the contrary, I'd like to understand what we can and can't expect
them to do, and how they match up with the facilities we already have.
For example, CRAM-MD5 challenge authentication is widely available
give or take the issue that the server needs to store the password in
the clear. If that's good enough, that's one less thing we need to
Also, some of the stuff you find confusing could go into a BCP, e.g.,
when to use port 25 vs port 587. The main reason to do submission on
port 465 or 587 rather than 25 is that a lot of networks firewall port
25 as an effective anti-spam measure. If you can be sure that your
network doesn't do that, at least for its internal traffic, port 25
submission works fine.
ietf-smtp mailing list