Marc Perkel wrote:
Magnus Holmgren wrote:
>
SMTP passwords go away because SMTP goes away.
If the user doesn't store the password then they would type it in when
say Thunderbird first starts. At that point obly thunderbird, not the
virus program would have access to the IMAP port. If the virus wanted
access it would have to establish it's own connection which would
require it's own authentication.
A password is a password is a password. Weither it be the login to
whatever system you use, your bank password, it doesn't matter. What
remains is, its a string of characters that is entered by a human.
The user WILL ALWAYS click "remember password" -- Game over. I can get
the password. You have to be able to retrieve the password some how to
send down the pipe to the IMAP server, so this is NO better than SMTP.
If you managed to get every user on the planet to NOT store their email
password, then all the virus/spam software has to do is setup a proxy,
grab all the data out of the client program, and inject its own mail
when the time is right. Didn't stop the spam, didn't do any good. Now
there is more overhead for an ISP to handle and the issue remains.
The idea is that outgoing IMAP would replace SMTP and there would be no
SMTP between clients and servers. SMTP would be a server to server protocol.
Fine and dandy. Same issues, no resolution, more overhead, more cost.
Not really feasible. SMTP does EXACTLY what you are purposing already.
Why bother with all of the other aspects of IMAP if all you want to do
is send mail? My ISP at home requires auth of their SMTP connections
(Bellsouth) which is exactly the same username/password pair as my pop3
password. If your SMTP password is different than your pop3 password,
gripe with your ISP.
--
Thanks,
James
