pop3 is a clear-text protocol. That implies anyone with a sniffer can log
the entire pop3 conversation, including passwords. That's also valid for
IMAP.
Encrypted protocols should always be preferred when talking to (or through)
an untrusted network (such as the internet). Unfortunately, that's not
always possible. (due to client incompatibility, user stupidity, etc)
RC
On Fri, Aug 25, 2000 at 01:47:14PM -0400, Rick Glunt wrote:
> In the qmail FAQ it metions "Security note: pop3d should only b
> used in a secure network...". Doe sthis mean it is not fit for a
> server on the Internet? I see it recommended in several places but
> never see anthing else abou tit being insecure.
> Rick Glunt
> IT Manager
> Lumax Industries, Inc.
--
+-------------------
| Ricardo Cerqueira
| PGP Key fingerprint - B7 05 13 CE 48 0A BF 1E 87 21 83 DB 28 DE 03 42
| Novis - Engenharia ISP / Rede Técnica
| Pç. Duque Saldanha, 1, 7º E / 1050-094 Lisboa / Portugal
| Tel: +351 21 0100000 - Fax: +351 21 0100001
PGP signature
