Sniffers exist. Passwords are NOT the solution. They may evolve into
part of the problem.
Traffic analysis and slow downs for sending too many emails too
rapidly are part of the solution. Forcing authenticated SMTP submission
finishes the solution. The authenticated SMTP exists now. It has
password problems via simple sniffing. I wish Earthlink supported
SSL connections which can't be sniffed. That at least raises the
password ante a little.
They probably don't want to use SSL because that encrypts the whole communication even the body of the message. That might beĀ noticeable on older, slow computers their clients may still be using if they are sending a message with a large attachment. A better authentication method would just encrypt the account name and password but Outlook/Outlook Express, arguably the most used email clients, don't support anything but MS's own proprietary technology for doing that.
The slow down technology exists. Earthlink
claimed to be using it something like a decade ago. If the data
extracted from the slow down technology is used to simply shut off
accounts that are spewing, in real time, zombie spam would be materially
reduced. Automated submission of spewing addresses to Block Lists
from larger ISPs that can notice the patterns would also help everyone.
But mere passwords on unsecure protocols are no really big deal other
than it, theoretically, points to a specific machine that can be shut
down. (Since zombies share data it'll be a short time before this also
becomes mooted.)
There is no "solution" there is only measure and counter-measure as
both sides get better at what they want to do. Selling snake oil about
POP3 or IMAP email submission is just plain amateurish stupidity if it
is not driven by an ulterior motive.
{^_^}