2018年8月22日 · There is no generic POP3 or IMAP vulnerability. In fact, you'll find open ports for this on many servers in the internet since these protocols are used to retrieve e-mail - hopefully in combination with TLS, i.e. after upgrading the initially plain connection to TLS using the STLS/STARTTLS commands.

What I can see as a problem is user behavior. While POP3/IMAP client will be probably used only in user's device, it is highly probable that the web mail will be used from anywhere, even from a non-trusted PC. There is no possibility to guarantee "security" in this case. Traffic analyzers, key loggers, or whatever so can be installed there.

2015年11月18日 · SMTP, POP, and IMAP all can support multiple authentication mechanisms, some of which are encrypted (e.g., CRAM-MD5, GSSAPI). See a good list here under Non-plaintext authentication. In this manner, your credentials might be safe on the wire even though the actual mail isn't.

2016年8月11日 · IMAP is a way more complex protocol than POP and thus the risks of an insecure implementation are much higher there. If you care about data loss: The servers of the providers are usually better maintained than a desktop system, i.e. professional providers have redundancy, backups etc.

2016年12月20日 · My ISP gives instructions how to connect to its POP3 and SMTP email servers: These settings will help you to set up your email program. email server: POP3; POP server (incoming): pop.orangehome.co.uk; POP incoming port: 110. SMTP server (outgoing): smtp.orangehome.co.uk. outgoing SMTP port: 25; use secure connection (Secure Sockets Layer …

Posteo: IMAP/POP3; This app-specific password gives any app complete access to your account. I can use the same app specific password from thunderbird to read all the messages using a mailing app on my phone. In Posteo's case, I simply enter the password as if 2FA was not set up, and I would be able to load any inbox.

2014年11月22日 · Some firewalls don't offer inline IMAP scanning but instead mirror the IMAP accounts, scan new mails and provide the mails with an IMAP server at the firewall itself. In this case the credentials of the original IMAP account need to be stored at the firewall and the user gets different credentials to access the firewalls IMAP server.

2014年5月26日 · One-time password solutions are a poor fit for IMAP, because many email clients open multiple connections or repeated connections without it being apparent to the user. I logged into my webmail IMAP client once this morning, but looking at the logs I see it has performed authentication against the IMAP backend 40 times in the last 90 minutes.

2024年4月19日 · In Outlook, one can select the correct port, and then select "SSL/TLS" as the encryption option (for IMAP and SMTP…for POP3, there's just a checkbox and STARTTLS isn't an option). In this case, the connection will fail if the server is not actually expecting SSL or TLS to be used implicitly on that port.

2013年11月3日 · POP3/IMAP Stronger Authentication. 34. Test STARTTLS configuration of SMTP server. 0. Is there a way to ...