spf-discuss
[Top] [All Lists]

Re: Re: SPF implementations

2005-08-16 07:17:41
On Tue, 16 Aug 2005, Jeremy Doupe wrote:

For outgoing mail (as opposed to internal office memos), TLS is not
necessary.  Your email is unecrypted anyway once it leaves the MTA 
and goes into the wild, wild internet.
 


Eh?  You still want TLS to cover your SMTP AUTH commands i.e. protect 
your password.

SMTP AUTH uses CRAM-MD5 or DIGEST-MD5 (or any other protocol 
implemented by both sides) to protect the password.  It
is not sent in cleartext.  The PLAIN protocol is usually
allowed only in conjunction with TLS.

-- 
              Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
    Business Management Systems Inc.  Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.


<Prev in Thread] Current Thread [Next in Thread>