johnp wrote:
>> My stoneage MUA doesn't support SMTP AUTH at all... <shrug />
> What is your MUA - and how do you authenticate securely?
The funny "X-Mailer: Mozilla 3.0 (OS/2; U)" in the header of
my mail - that's how Netscape 2.02 / 3.x identifies itself.
The authentication depends on the ISP, for one ISP it even
depends on the server:
* RADIUS (ISP knows that I'm online with one of its dyn. IPs)
  - then it either allows me to send any mail, or it forces
  me to use an address corresponding to the account
* SMTP-after-POP user:pass. The latter ISP also offers DSL,
  and there can be more than one user at the other side, so
  they offer a combo of RADIUS + SMTP-after-POP to get it
  right in this case. "Opt-in", for users that are happy
  with the old RADIUS-only solution nothing was changed
* SMTP-after-POP apop. My UA is almost one decade old and
  supports APOP, it's no rocket science (RfC 1939 was '96)
For SMTP-after-POP add "2476 enforced submission rights" for
one _mail provider_ (no ISP) I've used: Because a pure mail
provider has no RADIUS it needs another line of defense.
End of list for this (M)UA. Not good enough for SMTP AUTH,
Netscape 4.x offers this - Netscape 4.x is a PITA for other
reasons. Maybe you saw it in another article, my project
"dummy-25-to-587-bridge" is still at the very early stage
"can do SASL CRAM-MD5". I want a transparent bridge, the
remote errors directly reflected in a local port 25 session.
In another article <43351727(_dot_)9020708(_at_)idimo(_dot_)com> you said:
| The fact that you *have* to log-in to SMTP by SASL - even
| if it is in plain - is a step in the right direction.
Please let's be clear here, PLAIN without TLS (or similar)
is no SASL, it's "verboten".
Bye, Frank
-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
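
Added example, not part of the post above and not code from the "dummy-25-to-587-bridge" project: what each mechanism named in the message puts on the wire, using the sample values from RFC 1939 (APOP), RFC 2195 (CRAM-MD5) and RFC 4616 (PLAIN). The function and constant names are this example's own.

```python
import base64
import hashlib
import hmac

# Sample values taken from the RFC examples (not real credentials).
APOP_TIMESTAMP = "<1896.697170952@dbc.mtview.ca.us>"           # RFC 1939 greeting
APOP_SECRET = "tanstaaf"
CRAM_CHALLENGE = "<1896.697170952@postoffice.reston.mci.net>"  # RFC 2195 challenge
CRAM_CHALLENGE_B64 = base64.b64encode(CRAM_CHALLENGE.encode("ascii")).decode("ascii")
CRAM_USER, CRAM_SECRET = "tim", "tanstaaftanstaaf"


def apop_digest(timestamp: str, secret: str) -> str:
    """RFC 1939 APOP: hex MD5 over the greeting timestamp followed by the secret."""
    return hashlib.md5((timestamp + secret).encode("ascii")).hexdigest()


def cram_md5_response(challenge_b64: str, user: str, secret: str) -> str:
    """RFC 2195 CRAM-MD5: base64(user SP hex(HMAC-MD5(key=secret, msg=challenge)))."""
    challenge = base64.b64decode(challenge_b64)
    mac = hmac.new(secret.encode("ascii"), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {mac}".encode("ascii")).decode("ascii")


def plain_token(user: str, password: str, authzid: str = "") -> str:
    """RFC 4616 PLAIN: base64(authzid NUL authcid NUL passwd), no hashing at all."""
    raw = "\0".join((authzid, user, password)).encode("utf-8")
    return base64.b64encode(raw).decode("ascii")


def recover_from_plain(token_b64: str) -> tuple[str, str]:
    """What anyone who can read the session gets from a PLAIN token sent without TLS."""
    _authzid, user, password = base64.b64decode(token_b64).split(b"\0")
    return user.decode("utf-8"), password.decode("utf-8")


if __name__ == "__main__":
    print("APOP     :", apop_digest(APOP_TIMESTAMP, APOP_SECRET))
    cram = cram_md5_response(CRAM_CHALLENGE_B64, CRAM_USER, CRAM_SECRET)
    print("CRAM-MD5 :", cram, "->", base64.b64decode(cram).decode("ascii"))
    token = plain_token(CRAM_USER, CRAM_SECRET)
    print("PLAIN    :", token, "->", recover_from_plain(token))
```

The APOP and CRAM-MD5 values change with every server challenge and never contain the secret itself; the PLAIN token decodes straight back to the password, which is why it needs TLS underneath.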