-"From:". Note that your MTA may still reveal your real identity (e.g.
-sendmail's "X\-Authentication\-Warning:" header).
+\*(lqFrom:\*(rq. Note that your MTA may still reveal your real identity (e.g.
+.BR sendmail 's
+\*(lqX\-Authentication\-Warning:\*(rq header).
+.PP
+If
+.B nmh
+has been compiled with SASL support, the
+.B \-sasl
+switch will enable
+the use of SASL authentication with the SMTP MTA. Depending on the
+SASL mechanism used, this may require an additional password prompt from the
+user (but the
+.RI \*(lq \&.netrc \*(rq
+file can be used to store this password).
+.B \-saslmech
+switch can be used to select a particular SASL mechanism,
+and the the
+.B \-user
+switch can be used to select a authorization userid
+to provide to SASL other than the default.
+.PP
+Currently SASL security layers are not supported for SMTP.
+.BR nmh 's
+SMTP SASL code
+will always negotiate an unencrypted connection. This means that while the SMTP
+authentication can be encrypted, the subsequent data stream can not. This is in
+contrast to
+.BR nmh 's
+POP3 SASL support, where encryption is supported for both the
+authentication and the data stream.