TCLUG Archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [TCLUG:8010] IMAP vs POP3
> They're both rather insecure methods of transfering mail. IMAP is
> generally regarded as a strict no-no among the extremely paranoid. The
> ideal method would be to wrap either POP or IMAP with ssh using the magic
> of port forwarding. It's not all that practical for the average user, but
> it does guarantee encrypted transmission of username/password and e-mail
> (not to mention some pretty decent compression).
>
Well, if you really want a *secure* means of dealing with e-mail, my
suggestion would be to get yourself a secure webserver and run one of the
many CGI mail clients available. However, if you're just trying to keep
people from taking over your server and using it as a war3z site, neither
the current IMAP nor POP3 daemon has any known vulnerabilities (unless I've
missed something, which is possible, I guess.) POP3's the safer bet, if
only because it's been around much longer. Personally, I only use IMAP
*inside* our firewall, but I don't have any overly rational reason for that
restriction.