On Fri, 19 Feb 1999, Asmodeus wrote:
> On Fri, 19 Feb 1999, Roman V. Isaev wrote:
>
> >
> > I see there are some pop3-before-smtp authentication patches.
> > But using pop3 before sending mail is awkward. So... why nobody
> > thought about a patch using a password in user's e-mail? :)
> > Any MUA allows user to enter his e-mail. ANY. Let's use it!
> > password#username@host. Check that password at mail from: point,
> > receive message if user's password is okay, strip password# from
> > all headers and continue the work...
> >
> > What's wrong with this idea? I think I'm inventing a bicycle,
> > but there must be a good reason to reject it...
>
> Besides having a plaintext password flow between any computers between
> their isp and the smtp server, none that immediately come to mind.
And if the password get sniffed, so what? Correct me if I'm wrong, but
as long as the password is just used for this purpose, all it would let
someone do is forge mail through this relay as that user. If you just want
to forge mail, there are much easier ways of doing that. The idea here is
not really to completely authentcate the sender, it is merely to make
using your server as a relay so difficult that a spammer will go
elsewhere.
Russ Steffen
[EMAIL PROTECTED]
>
> AOL(for instance) --> x computers/routers/etc --> server
>
> .Shawn
