On Tue, 16 Aug 2005, Jeremy Doupe wrote:
For outgoing mail (as opposed to internal office memos), TLS is not
necessary. Your email is unecrypted anyway once it leaves the MTA
and goes into the wild, wild internet.
Eh? You still want TLS to cover your SMTP AUTH commands i.e. protect
your password.
SMTP AUTH uses CRAM-MD5 or DIGEST-MD5 (or any other protocol
implemented by both sides) to protect the password. It
is not sent in cleartext. The PLAIN protocol is usually
allowed only in conjunction with TLS.
--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.