May 28, 2003

Sensible Email Systems

Hadmut Danisch: If a host doesn't receive messages by SMTP, it shouldn't deliver by SMTP. Mail delivery should go the same way back that incoming mail went in.

Hadmut is right. There is an asymmetry in the way email is received and the way it is sent. Our ISP receives mail for us and we pick it up via an authenticated protocol like POP3 or IMAP4. The asymmetry can be easily fixed. Every POP3 or IMAP4 account provider should provide SMTP. And SMTP should be authenticated. RFC 2476 describes a Message Submission Agent (MSA), which is the entry point of email into the transport system. The idea of an MSA is good: the MSA receives email from the Mail User Agent (MUA) via SMTP and can police it -- add missing header fields, correct any invalid format, etc. The MSA also uses a different port (TCP port 587) than SMTP (TCP port 25), which is good because it serves a different purpose, and ISPs that don't allow outbound SMTP on TCP port 25 from their providers should allow outbound messages to an MSA on TCP port 587. One has to wonder, if we need authentication to get our email, why don't we have authentication to send email?
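The policing role described above can be sketched as follows. This is an added example, not code from the original post or from any mail server: the `owned_addresses` map, the `example.org` domain, the sample message and the reply strings are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import formatdate, make_msgid, parseaddr

SUBMISSION_PORT = 587  # submission port from RFC 2476, distinct from port 25

# Constructed sample data: one account and a message lacking Date/Message-ID.
ACCOUNTS = {"alice": {"alice@example.org"}}
SAMPLE = "From: Alice <alice@example.org>\nTo: bob@example.net\nSubject: hi\n\nbody\n"


class SubmissionRejected(Exception):
    """Raised when the MSA refuses a message; carries an SMTP-style reply."""


def police_submission(raw, auth_user, owned_addresses, domain="example.org"):
    """Apply MSA policy to one message submitted by an MUA.

    raw             -- message text received after DATA
    auth_user       -- login proven via SMTP AUTH, or None if unauthenticated
    owned_addresses -- hypothetical map: login -> set of addresses it may use
    Returns (message, list of header fields the MSA added).
    """
    # Same rule as POP3/IMAP4: no authentication, no service.
    if auth_user is None:
        raise SubmissionRejected("530 Authentication required")

    msg = message_from_string(raw)

    # A submission without a usable From: cannot be attributed; refuse it.
    _, from_addr = parseaddr(msg.get("From", ""))
    if not from_addr:
        raise SubmissionRejected("554 Missing or invalid From: header")

    # The authenticated account may only send as its own addresses.
    if from_addr.lower() not in owned_addresses.get(auth_user, set()):
        raise SubmissionRejected("550 Sender address not owned by this account")

    # Fill in header fields the MUA left out instead of rejecting.
    added = []
    if "Date" not in msg:
        msg["Date"] = formatdate(localtime=False)
        added.append("Date")
    if "Message-ID" not in msg:
        msg["Message-ID"] = make_msgid(domain=domain)
        added.append("Message-ID")
    return msg, added
```

Because the sender check is tied to the authenticated login, a valid account cannot submit mail under another user's address, which is the accountability that unauthenticated port 25 submission lacks.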

Posted by Doug Sauder at May 28, 2003 11:50 PM