MDA Mail Delivery Agent
MSA Mail Submission Agent
SASL Simple Authentication and Security Layer
GSSAPI Generic Security Services Application Program Interface
CRAM Challenge Response Authentication Mechanism
Mechanisms for SMTP AUTH
- PLAIN : The client sends the server a single string, which is a Base64 representation of the credentials. RFC 4954 calls for the use of TLS with this mechanism.
- LOGIN : Also uses Base64 encoding; however, the credentials are exchanged over a series of client-server dialog steps.
- GSSAPI : For use with mechanisms like Kerberos.
- CRAM-MD5 : Better than the PLAIN and LOGIN mechanisms. Plaintext attacks are possible, and it does not authenticate the server (refer to RFC 4954). Also requires that the password be stored in plain text in many implementations.
- DIGEST-MD5 : More secure than CRAM-MD5 as it uses a nonce. This mechanism also requires that the password be stored in plain text in many implementations.
- SCRAM family (SCRAM-SHA-1 was a replacement for DIGEST-MD5).
- EXTERNAL : For external authentication.
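An added example, not part of the original notes: a check that reads the AUTH line of an EHLO reply and flags mechanisms according to the list above, plus a decoder showing that an AUTH PLAIN string is reversible Base64 rather than encryption. The sample reply, the hostname and all function names are assumptions made for illustration; the NUL-separated PLAIN layout is the one defined in RFC 4616.

```python
import base64

# Mechanisms the notes above describe as Base64-encoded credentials only.
BASE64_ONLY = {"PLAIN", "LOGIN"}
# Mechanisms the notes describe as often needing plaintext password storage.
PLAINTEXT_STORAGE = {"CRAM-MD5", "DIGEST-MD5"}

# Constructed EHLO reply for illustration (hostname is a placeholder).
SAMPLE_EHLO = """250-mail.example.test
250-SIZE 10240000
250-AUTH PLAIN LOGIN CRAM-MD5 SCRAM-SHA-1
250 8BITMIME"""


def advertised_mechanisms(ehlo_reply):
    """Return the SASL mechanisms listed on the AUTH line(s) of an EHLO reply."""
    mechs = []
    for line in ehlo_reply.splitlines():
        # Reply lines look like "250-KEYWORD args" or "250 KEYWORD args".
        if len(line) < 4 or not line.startswith("250"):
            continue
        words = line[4:].split()
        if words and words[0].upper() == "AUTH":
            mechs.extend(w.upper() for w in words[1:])
    return mechs


def audit(ehlo_reply, tls_active):
    """Map each advertised mechanism to a list of findings."""
    findings = {}
    for mech in advertised_mechanisms(ehlo_reply):
        notes = []
        if mech in BASE64_ONLY and not tls_active:
            notes.append("credentials only Base64-encoded; offered without TLS")
        if mech in PLAINTEXT_STORAGE:
            notes.append("server may store the password in plain text")
        findings[mech] = notes
    return findings


def decode_plain(initial_response):
    """Decode an AUTH PLAIN response: authzid NUL authcid NUL password."""
    authzid, authcid, password = base64.b64decode(initial_response).split(b"\0")
    return authzid.decode(), authcid.decode(), password.decode()


if __name__ == "__main__":
    for mech, notes in audit(SAMPLE_EHLO, tls_active=False).items():
        print(mech, "->", "; ".join(notes) or "no finding")
```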