Re: pop3 changes

Michael D'Errico <Mike@software.com> Mon, 06 June 1994 04:18 UTC

Received: from ietf.nri.reston.va.us by IETF.CNRI.Reston.VA.US id aa12379; 6 Jun 94 0:18 EDT
Received: from CNRI.RESTON.VA.US by IETF.CNRI.Reston.VA.US id aa12375; 6 Jun 94 0:18 EDT
Received: from PO5.ANDREW.CMU.EDU by CNRI.Reston.VA.US id aa15640; 6 Jun 94 0:18 EDT
Received: (from postman@localhost) by po5.andrew.cmu.edu (8.6.7/8.6.6) id AAA00773; Mon, 6 Jun 1994 00:16:34 -0400
Received: via switchmail for ietf-pop3+@andrew.cmu.edu; Mon, 6 Jun 1994 00:16:31 -0400 (EDT)
Received: from po3.andrew.cmu.edu via qmail ID </afs/andrew.cmu.edu/service/mailqs/q003/QF.0hwe:gS00Udb4vwE4Y>; Mon, 6 Jun 1994 00:14:36 -0400 (EDT)
Received: from rome.software.com (rome.software.com [198.17.234.2]) by po3.andrew.cmu.edu (8.6.7/8.6.6) with ESMTP id AAA15340 for <ietf-pop3@andrew.cmu.edu>; Mon, 6 Jun 1994 00:14:26 -0400
Received: from rome (rome.software.com [127.0.0.1]) by rome.software.com with ESMTP id AAA4164; Sun, 5 Jun 1994 21:14:12 -0700
To: brtmac@ksu.ksu.edu
cc: ietf-pop3@andrew.cmu.edu
Subject: Re: pop3 changes
Date: Sun, 05 Jun 1994 21:14:11 -0700
Sender: ietf-archive-request@IETF.CNRI.Reston.VA.US
From: Michael D'Errico <Mike@software.com>
Message-ID: <19940606051412.AAA4164@rome.software.com>

NOTE: This is the last message I'll be sending on this thread as it has
      gotten away from the current focus.  Unless someone else wants to
      use POP to send mail....

>Nearly all of the troubles that people are having around here is with
>Eudora.  Nobody knows how to set it up, they just do it.  Then they don't
>understand why their mail doesn't go anyplace, or why they don't ever get
>mail.  We've had a lot of people set their Eudora stuff up so that their
>From: headers just ahs 'ksu.ksu.edu' or 'ksu.ksu.edu@userid' or some other
>strange thing.  They also choose any random email address they happen to
>know as their From: mail address instead of what is the official address.

This is a problem of user education, not Eudora nor the Post Office Protocol.
Why not hand everybody a sheet of paper with instructions on it when you open
a mail account for them?

>We don't run SMTP on the same machine as POP (actually we do because too
>many people set their POP clients up that way, but that isn't how we want
>to do it).  If POP is to be a Post Office Protocol, why not make it do what
>a Post Office does, and allow it to take delivery of mail from the client.

It's just the name that Marshall Rose came up with, not an exact description
or analogy to real life.  If it was called the Mailbox Reading Protocol in-
stead would you still want to use it to send mail?

>Right now POP clients have to implement POP and SMTP.  By adding one or
>two extra commands into the POP protocol (mail to: and data) you could
>elminate the need to do SMTP in the client.  It seems silly to use POP
>to read mail and SMTP to send it.  POP is for post office like stuff.
>SMTP is for mail transport (mail between systems).
>
>Right now no POP client that I know of does any sort of mail routing.
>It just knows of one place to send mail, and sends *all* outgoing mail
>to that place.  If it already has a POP connection to a centralized
>mail handling system, why not let it use that connection to hand a
>piece of mail to the system?

Yes, maybe only one or two commands would be needed to get the POP server
to accept mail for the client.  But all you've done is get the mail to
the POP server.  The POP server would still need to know how to talk SMTP
to get it to the final destination, or to a smart host which would do the
delivery.  And if the host was down, the POP server would have to queue
the message and try again later, so now you need a POP daemon running
all the time.  Or you could leave this to the SMTP server which already
does all this.

>An added benefit to this is that we
>could disallow SMTP connections from all of the random PC's and Mac's
>and junk on campus.  Then people would have to authenticate themselves
>with the POP server in order to send mail, and the POP server would
>handle putting the correct From:, Reply-To:, etc.  headers on the
>mail.  Sort of like INN's inews does if you have the authentication
>stuff enabled.

If you implemented POP mail delivery, it would be harder but no where near
impossible to forge mail.  The real problem is that you would trust it more.
Passwords sent over the network as cleartext are not sufficient protection
against forgeries.  The way to have authentication is by using digital
signatures.

Michael D'Errico
mike@software.com