On 18/02/2012 6:14 a.m., Dan White wrote:
> On 02/17/12 13:51 +1300, Adrien de Croy wrote:
>>> imap essentially already has its own mail submission component via imap
>>> append. Users can trust who sends them messages, and can limit who can
>>> send them messages (via enforceable acls). I just wish smtp worked more
>>> like that, but that's a pipe dream.
>>
>> I don't know how you can use APPEND to send a message to another user
>> unless you share a folder with them.
>
> That's exactly what I want. I want to configure my ACLs to allow specific
> users to connect via IMAP (or an SMTP replacement). If someone wants to
> send me a message, their client connects directly to my server (why is
> relay still necessary?).

in some parts of the world dialup is still prevalent.
We can't presume everyone has a full time internet connection.
If the sender and receiver are both in this category, (which is common
in such places) then finding an intersection in times for delivery if we
only have end-to-end delivery could result in significant delays.
Therefore store-and-forward is required.

> They authenticate over sasl using some fancy
> federated authentication protocol (project moonshot) before being allowed
> to post to my inbox.

Personally I'd be tempted to mandate use of X.509 (SSL) client certs and
TLS.
Citizens and organisations of a country would have certs which were
issued and vouched for by their government.
Every submitter into the secure mail system would require a cert, and
abusers would have their cert revoked (and be fined/punished).
ISPs could vouch for clients, but could have their cert revoked if they
supported spammers.

> 1) The need for submission-and-relay goes away.
> 2) I can trust the identity of who's sending me a message.
> 3) I can fiddle with my acls bits to determine who I want to get messages
> from.
> When relay is *really* necessary, sasl authorization to allow servers to
> act on behalf of domains/users should do the trick.
> In my opinion (and I admit I'm getting off topic), spam is merely a
> problem rooted in relay.

I believe it's rooted in the lack of responsibility. Responsibility for
the actions of a mail sender is not enforced.
Computers can't be tried and sent to jail. They can't be responsible
for their actions. Only humans can. So the concept of a computer doing
something where no person holds responsibility for it is nonsensical.
To hold someone accountable for an action of a computer, that person
must be identifiable as the sponsor of the action. Certificates can do
that. Hence government involvement, since governments are the
organisations responsible for establishing the identity of their citizens.
--
Adrien de Croy - WinGate Proxy Server - http://www.wingate.com