Re: What changes would you make to stop spam? - United Nations Paper

[Marc Perkel]

Magnus Holmgren wrote: On Wednesday 02 August 2006 21:29, Marc Perkel took the opportunity to say: The zombies wouldn't be able to connect because the zombies wouldn't have the IMAP password. In that case, neither the SMTP password, which we have to assume is required. But in most cases I think the spamware has access to the password if it wants to. Especially with admin privileges. SMTP passwords go away because SMTP goes away. If the user doesn't store the password then they would type it in when say Thunderbird first starts. At that point obly thunderbird, not the virus program would have access to the IMAP port. If the virus wanted access it would have to establish it's own connection which would require it's own authentication. If you use IMAP for your outgoing email from the client you no longer need port 25 except for server to server transfers. The only outgoing path is the IMAP connection which requires authentication. Zombies wouldn't have the password and wouldn't have access to any way to send email. Not with SMTP on port 587 either. Not that it's easy, but getting everyone in the world to use a different port sure is easier than getting everyone in the world to use a different protocol, one that would need code to be written for first. The idea is that outgoing IMAP would replace SMTP and there would be no SMTP between clients and servers. SMTP would be a server to server protocol.