Allowing IMAP/POP to Send Email

The email SMTP protocol was created in simpler times. One of the problems is that it is far too easy for any one person to impersonate any other person on the planet. One of the things that will reduce spam and fraud on the Internet is to make it more difficult for one person to impersonate someone they aren’t. But to do this we need to change the way email is distributed and do it in a way that is a natural evolution of the current system.

In the beginning the Internet was a Unix network where every computer had its own SMTP server. One person would create an email that was submitted to the local SMTP server, the local server contacted the destination SMTP server and that server would deliver the message into the local email box. That method still works today but few people get their email that way.

Sender --> SMTP --> Recipient 

Today we have more of a consumer model where consumers run email clients and leave the SMTP servers to their Internet Service Providers (ISPs). The user creates an email message that is sent to their local ISP, which has an SMTP server. That server accepts the email and then transfers it by SMTP to the server that stores the incoming email for the recipient. Then the recipient connects to their server using the POP/IMAP protocols to download their email.

Sender --> SMTP --> Sender’s ISP Server 
Sender’s ISP Server --> SMTP --> Recipient’s ISP Server
Recipient’s ISP Server --> IMAP --> Recipient

The problem is that anyone can impersonate any other person by setting their address to be anyone else on the planet. SMTP provides no checking to determine whether the sender is the person they say they are. And the end user is using the same protocols to talk to servers that servers use to talk to each other, so servers can’t tell if they are talking to legitimate servers or end users. I suggest a modification in the IMAP/POP protocols that allows for a two-way transfer of email rather than requiring incoming email to be downloaded with IMAP/POP and outgoing email to be sent with SMTP.

Sender --> IMAP --> Sender’s ISP Server 
Sender’s ISP Server --> SMTP --> Recipient’s ISP Server
Recipient’s ISP Server --> IMAP --> Recipient

If IMAP and POP were enhanced to allow outgoing email to be transferred back up the same connection as incoming email it would have several advantages.

  1. It would eliminate the need to configure outgoing SMTP. That makes it easier for the consumer. It would also eliminate the need for authenticated SMTP because IMAP/POP are already authenticated protocols.
  2. Viruses would not be able to send email because the outgoing email connection, IMAP, will require a password to send email. The virus won’t have the password and won’t be able to send.
  3. The server would accept outgoing email and label the from field to be the same as the email account preventing the user from pretending to be an email address other than the one the user authenticated as. It would then deliver the message to the local SMTP server which would then send it to the destination server.
  4. This method allows the system to assert that the sender’s email address was sent from a person who had the ability to log in and read the email. Thus if you get an email from [EMAIL PROTECTED] then you know that the person sending the email had the username and password to receive email on that account.
  5. It would eliminate virus infected spam zombies from pretending to be SMTP servers because they would no longer be the official source of messages for domains that they pretend to be. It will be easier to create rules that keep servers from impersonating other servers when clients and servers use different protocols.
  6. Protocols like SMTP-AUTH and Submission are no longer necessary. It also eliminates the problem of finding an SMTP server for outgoing email while traveling. If you can read your email under this system, you can send email.
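
The server-side step in item 3, sketched as an added example (not part of the original proposal): whatever identity the client puts in the message, the server replaces it with the account that authenticated on the IMAP/POP connection. The function name, the sample message and the handling of the Sender header are assumptions made for illustration.

```python
from email import message_from_bytes, policy
from email.utils import getaddresses

# Constructed sample: an authenticated client tries to send as someone else.
SAMPLE = (b"From: CEO <ceo@example.org>\r\n"
          b"Sender: zombie@example.net\r\n"
          b"To: bob@example.net\r\n"
          b"Subject: hello\r\n"
          b"\r\n"
          b"body text\r\n")


def stamp_sender(raw: bytes, authenticated_account: str):
    """Force the From field to the logged-in account (hypothetical helper).

    Returns (message_bytes, claimed). `claimed` holds the addresses the
    client supplied, so the server can log a mismatch, which is a useful
    signal that a client machine is compromised.
    """
    msg = message_from_bytes(raw, policy=policy.SMTP)
    supplied = msg.get_all("From", []) + msg.get_all("Sender", [])
    claimed = [addr.lower() for _, addr in getaddresses(supplied)]
    # Remove every client-supplied identity header, duplicates included.
    # Dropping Sender as well is an assumption; the proposal names only From.
    for header in ("From", "Sender"):
        del msg[header]
    # The only identity the server can vouch for is the login it verified.
    msg["From"] = authenticated_account
    return msg.as_bytes(), claimed


if __name__ == "__main__":
    out, claimed = stamp_sender(SAMPLE, "alice@example.com")
    print("client claimed:", claimed)
    print(out.decode())
```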
