19 Nov
19 Nov
2:31 p.m.
Hi Joao!
There are two issues here: - The use of very weak protection methods (NONE and MAIL-FROM) (see *).
wrt the "see *": I think they do have a point in principle. In reality (for many individuals, I suppose :-) it's still more staright-forward to fake a mail-from header than reverse-engineer a crypted password string in itself. However, given the fact that many operatinal environments these days require mail to be shipped multi-hop, the risk of disclosing the (clear text) password is greater than we might want to believe...
Would the community see this change in behaviour as a good thing?
Definitely! Wilfried.