Why does PoliteMail require Anonymous Authentication in IIS?

Authentication and SMTP Services

HTTP Authentication

Authentication, or the process of identifying who the client is (usually for determining the level of access to grant), is supported in the HTTP protocol with several possible authentication schemes, the most common of which are Anonymous authentication and Basic authentication.

Anonymous authentication gives users access to the public areas of your Web or FTP site without prompting them for a username or password. Anonymous is equivalent to granting everyone access to the resource.  Anonymous authentication is the default in IIS.

Anonymous authentication is required to track recipient engagement metrics on emails sent through PoliteMail, including opens, clicks, reads, etc. Since this data is collected in the background while users interact with email content, the data must be sent to the server without the prompt for authentication.

Basic authentication sends a Base64-encoded string that contains a username and password for the client. Base64 isn't a form of encryption and should be considered the same as sending the username and password in clear text. If a resource needs to be protected, another form of authentication should be used.

SMTP Services

SMTP services are typically required as PoliteMail uses the IIS SMTP services components to send emails internally to the intended audiences--typically though a direct route to Exchange or through an SMTP relay/spam appliance.  However, SMTP services are not required if Network Delivery is used.