From: "Marc Perkel" <[EMAIL PROTECTED]>

jdow wrote:
From: "Marc Perkel" <[EMAIL PROTECTED]>

Magnus Holmgren wrote:
On Wednesday 02 August 2006 14:37, Marc Perkel took the opportunity to say:
Why not just eliminate the SMTP protocol for end users and keep SMTP as
a server to server protocol and have users send their email to the
server by extending POP/IMAP to send email. It created an authenticated connection back to the server where the POP/IMAP server hands it off to
the SMTP server. That way email clients aren't using the same protocol
as email servers.

Why? It's not, like, that MUAs try to deliver directly to the recipient MX. If all ISPs block port 25 outbound, it doesn't matter what protocol end users use to submit their mail to their local MTA. Otherwise, zombies can still try to connect directly, and you'll have to rely on DUL and other blacklists to figure out which IP addresses belong to end users.

The zombies wouldn't be able to connect because the zombies wouldn't have the IMAP password.

Marc, if the system has been zombified that means a password guessing
routine is already present. It can track down the email program's
settings and decrypt it, if needed. Or it can simply be intercepted.

Requiring IMAP requires MUAs be rewritten to handle the special casing
that would be required to have IMAP as the sending tool. Using smtpauth
gives more flexibility in design for ISPs and users.

{^_^}


So you think that viruses are going to know how to find and decrypt the passwords of all email programs?

Nice trick.

Ever hear of "tcpdump"? A version exists for Windows. Read the passwords
in plain text with it all you want.

{^_^}
