I'm advocating for a change in the IMAP specification to allow outgoing email to be sent over the same connection as incoming rather that having to separately configure outgoing SMTP email. There are two significant advantages to this concept. 1) It would greatly simplify setup for clients as they would only have to configure one connection rather than two. 2) Spam reduction by authentication. The sending of email over the same connection tells the server that the person who is the sender of the email also has demonstrated they have access to read the account. This would be a powerful whitelisting criteria for eliminating fake senders. So - my question. It seems that it would be easy to do this if there were a standard. Dovecot would merely hand incoming email off to the outgoing SMTP server. Besides the difficulty of getting a standard created, am I right on my assumptions?
Marc Perkel wrote:> 2) Spam reduction by authentication. The sending of email over the same > connection tells the server that the person who is the sender of the > email also has demonstrated they have access to read the account. This > would be a powerful whitelisting criteria for eliminating fake senders.That wouldn't work. What would be the next SMTP server on the way expected to do? Trust that address authenticity as well?> So - my question. It seems that it would be easy to do this if there > were a standard. Dovecot would merely hand incoming email off to the > outgoing SMTP server. Besides the difficulty of getting a standard > created, am I right on my assumptions?Getting such standard adopted by clients, I'd say :) Cheers, -jkt -- cd /local/pub && more beer > /dev/mouth -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature URL: <http://dovecot.org/pipermail/dovecot/attachments/20060504/773486a1/attachment.bin>
On Thu, 2006-05-04 at 11:05, Marc Perkel wrote:> I'm advocating for a change in the IMAP specification to allow outgoing > email to be sent over the same connection as incoming rather that having > to separately configure outgoing SMTP email. There are two significant > advantages to this concept. > > 1) It would greatly simplify setup for clients as they would only have > to configure one connection rather than two.Why would it be easier for a client to add a new sending method than to simply have an option to use the same credentials for smtp auth for sending.> 2) Spam reduction by authentication. The sending of email over the same > connection tells the server that the person who is the sender of the > email also has demonstrated they have access to read the account. This > would be a powerful whitelisting criteria for eliminating fake senders.Smtp auth already handles this.> So - my question. It seems that it would be easy to do this if there > were a standard. Dovecot would merely hand incoming email off to the > outgoing SMTP server. Besides the difficulty of getting a standard > created, am I right on my assumptions?Most current MUA's already handle smtp authentication and ssl. Why make things worse with yet another standard? -- Les Mikesell lesmikesell at gmail.com
Quoting Marc Perkel <marc at perkel.com>:> I'm advocating for a change in the IMAP specification to allow outgoing > email to be sent over the same connection as incoming rather that > having to separately configure outgoing SMTP email. There are two > significant advantages to this concept.And at least as many significant disadvantages.> 1) It would greatly simplify setup for clients as they would only have > to configure one connection rather than two.This is only true if they want to send via the same mechanism they receive from.> 2) Spam reduction by authentication. The sending of email over the same > connection tells the server that the person who is the sender of the > email also has demonstrated they have access to read the account. This > would be a powerful whitelisting criteria for eliminating fake senders.Most all MTA systems already allow authentication, so this buys you nothing.> So - my question. It seems that it would be easy to do this if there > were a standard. Dovecot would merely hand incoming email off to the > outgoing SMTP server. Besides the difficulty of getting a standard > created, am I right on my assumptions?I don't think it matters if it is easy or difficult to do, either in general or for any particular IMAP software. But it does matter that there is a standard. And a way to fall back in the client for those systems which pre-date the new standard. -- Eric Rostetter The Department of Physics The University of Texas at Austin Go Longhorns!
Marc Perkel wrote:> I'm advocating for a change in the IMAP specification to allow outgoingNot as bad as your usual ideas, but it has been thought before: http://www.courier-mta.org/imap/smap.html I doubt that something like this will spread in the foreseeable future.