> POP3 before SMTP was a quick hack because POP3 already had authentication,
> and SMTP didn't have it (at the time). Even sites, such as ORDB, that
> recommend POP3 before SMTP say that STMP AUTH would be preferable.
Sendmail says "[SMTP AUTH] is useful for roaming users and can replace
POP-before-SMTP hacks if the MUA supports SMTP AUTH." For roaming users,
sendmail recommends SMTP AUTH, elaborating also that "some hacks are
described to provide less sophisticated forms of authentication which do not
use SMTP AUTH. The best of these methodes is called POP-before-SMTP."
Of course, even with {ID,IP}-tuples, someone *could* spoof the ID, but that
seems really less likely.
It is quite sad that in 2000, folks at sendmail thought that within 2 years,
almost all e-mail transfer would be over SSL by default, and today we're
nowhere near even a fraction of it. :-(
--- Noel
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
