Hi, At 17:21 21.05.04 +0200, you wrote: >Hello Erwin, > >Friday, May 21, 2004, 5:14:30 PM, you wrote: > >EH> Hi, > >EH> At 11:41 21.05.04 +0200, you wrote: >>>Hello blist, >>> > >>>In the OLD days, people were happy with SMTP-Auth. I consider it LESS >>>security as SMTP after POP, because with SMTP-Auth, You sent Your >>>e-mailadress and Your password of Your mailbox over the internet. >>>When a man-in-the-middle catch this e-mail (or worse Your PW), he can >>>use it for spam, or access Your mailbox. > >EH> This is only true for SMTP Authentication of type "plain" and "login". > >EH> With CRAM-MD5 its quite save. > >EH> Read: http://www.fehcom.de/qmail/smtpauth.html#FRAMEWORK >
>Yes, it's 'quite' safe, but You still reveal Your e-mailadress. >If there are many hops between Your workstation and the smtpserver, >You can get some spam in return. >More, Your mail is sent in plaintext. I prefer encrypted streams, >so SUPP's patch which encrypts the stream with SSL, and authenticate >afterwards (in plaintext) is still the best way to go, it's not a big >effort to realize. Pls. tell us how you intend to communicate to the rest of the world by means of email with encrypted addresses. You are joking, troll. regards. --eh. Dr. Erwin Hoffmann | FEHCom | http://www.fehcom.de/ Wiener Weg 8, 50858 Cologne | T: +49 221 484 4923 | F: ...24
