Security risk of POP3 & IMAP protocols

Joseph Brennan brennan at columbia.edu
Thu Feb 12 20:49:53 EST 2009


Adam Tauno Williams <awilliam at whitemice.org> wrote:

>> A friend of mine is asking me about security risks of using IMAP &
>> POP3 protocols. Why? Because a sales person told my friend that IMAP
>> protocol is less secure than POP3 protocol.


This reminds me of a concern that was raised about U Wash IMAP and storage
of mail in unix home directories.  In that setup IMAP access is based on
unix file system permissions, and IMAP will open files that are not mail
files if the user has unix file permissions to open them, including
various system files.  This always struck me as a bogus concern since
the user could also telnet in and see the same files!

The protocol itself is no less secure than POP.  I don't understand why
POP is still around.

Joseph Brennan
Columbia University Information Technology




More information about the Info-cyrus mailing list