SMTP AUTH

Dean Anderson dean at av8.com
Mon May 2 02:50:29 UTC 2005


This seems like a new thread, so I changed the title.

inline 

On Sun, 1 May 2005 Valdis.Kletnieks at vt.edu wrote:

> On Sun, 01 May 2005 21:09:50 EDT, Dean Anderson said:
> > criticisms (made presumably in 1999), were correct. In 2005, SMTP AUTH is
> > basically dead. There hasn't been a new mail client supporting SMTP AUTH 
> > in many years.  What would be the point?
> 
> There's almost no new car companies supporting seat belts too.  

_All_ car companies support seat belts, by law.  So there are no new ones.

But only 16 email clients (counting Netscape, Mozilla, and Firefox
separately), support SMTP AUTH. But there are more than 1000 different
email client programs.  If you go to Microcenter, you can buy several
email client programs for windows, but only one (Outlook) supports SMTP
AUTH.  

Your comparison is precious. Its a classic sort of statistical deception,
at the extreme.  With seat belts, there is mandated 100% compliance. With
SMTP AUTH, there is presently approximately 0.16% compliance. Lets round
that up: Say 0.2% support.  SMTP AUTH got 0.2% of the mail clients. The
draft is dated 1998, and it got practically all of those 16 clients in
1999.  And then the excitement petered out. People learned that SMTP AUTH
didn't stop spam.  Technically, the draft's authors knew it wouldn't stop
spam, and never actually said it would. But its cheerleaders said it would
(like they said POP-before-SMTP would).  It was the *promise* that it
would stop spam that generated the interest. And when that promise
evaporated, so did the interest.

But why would anyone deploy SMTP AUTH now?  What would be the point of
that?  What's the cost/benefit analysis?  There are only costs, and no
benefits with SMTP AUTH. Indeed, I'm sending this from a system using SMTP
AUTH. We've been trying to sell it for a couple years. Its our least used
server (which why I use it). Basically, as a business proposition, its a
bust.  Has anyone made any money on SMTP AUTH? I don't think anyone has.

> It's hard to get new ones when it's near 100% support. (Who *doesn't*
> support SMTP AUTH? Are there any major or even minor players that don't?  
> Heck, even the now-venerable 'nmh' descendant of MH will do SASL auth
> for you....)

Cisco's mail client doesn't do SMTP AUTH. I'd say they are a major player.

nmh is old, all right.

Unless you want to exclude all but 16 or so mail clients (out of more than
1000), you can't really require SMTP AUTH.  Some ISPs (residential)  
specify the mail client programs (or like AOL, provide custom software).
They already have per-user accounts, and can therefore implement SMTP AUTH
more easily.  But then, *some* ISPs assume all their users run Windows,
too.  Not everyone is in that boat.

> But as long as we're playing:  Evolution and Mozilla's mail client are both
> fairly newcomers, and both do SMTP AUTH....

Err, no. Netscape was one of the original promoters and authors of the
SMTP AUTH draft. They were probably the first to support SMTP AUTH in
Netscape 4.0.  Mozilla has the Netscape mail client. It isn't "new".  
Evolution isn't actually very new either, although its getting more
traction after it was included in some linux distros. (I think it was
installed by default in RH9.0 workstation installs)

		--Dean

-- 
Av8 Internet   Prepared to pay a premium for better service?
www.av8.net         faster, more reliable, better service
617 344 9000   





More information about the NANOG mailing list