From: "Gino Cerullo" <[EMAIL PROTECTED]>
On 2-Aug-06, at 7:29 PM, [EMAIL PROTECTED]
wrote:
Sniffers exist. Passwords are NOT the solution. They may evolve into
part of the problem.
Traffic analysis and slow downs for sending too many emails too
rapidly are part of the solution. Forcing authenticated SMTP
submission
finishes the solution. The authenticated SMTP exists now. It has
password problems via simple sniffing. I wish Earthlink supported
SSL connections which can't be sniffed. That at least raises the
password ante a little.
They probably don't want to use SSL because that encrypts the whole
communication even the body of the message. That might be noticeable
on older, slow computers their clients may still be using if they are
sending a message with a large attachment. A better authentication
method would just encrypt the account name and password but Outlook/
Outlook Express, arguably the most used email clients, don't support
anything but MS's own proprietary technology for doing that.
The message does reside, briefly, on the servers wide open to reading.
But this does make it impossible for wiretaps to intercept it. Since a
wire tap is a "dual use" technology, criminals can use it as easily as
the government, they should be prevented. It is much harder for the
criminals to intercept while on the server unless it is a VERY inside
job. And I'm just crazy enough that if someone has to intercept my
email at all I'd rather it was the government than the bag guys. The
latter are proven evil. The government is mostly fumbling clumsy more
than active evil for the average person out there.
And, yes, I do find it interesting that Earthlink and others do NOT
support secure POP3 and secure authenticated SMTP at least. It raises
lots of questions to one who is just paranoid to believe "'They' are
out to get me; but, it's nothing personal, any victim will do."
{^_^} Joanne
