Security risk of POP3 & IMAP protocols

Jason Voorhees jvoorhees1 at gmail.com
Fri Feb 13 10:23:58 EST 2009


On Thu, Feb 12, 2009 at 5:49 PM, Jason Voorhees <jvoorhees1 at gmail.com> wrote:
> Hi people:
>
> A friend of mine is asking me about security risks of using IMAP &
> POP3 protocols. Why? Because a sales person told my friend that IMAP
> protocol is less secure than POP3 protocol. This assumption is not
> related to Cyrus IMAP, instead is related only to the protocols.
> I'm searching at Google something about POP3 & IMAP security but I'm
> not pretty sure about comments I can found in forums or other sites.
>
> Does anybody here know anything about security risk of these
> protocols? Is it true that one of them is less secure than the other
> one?
>
> Thanks, bye
>

Thanks everyone for your replies, they were good answers with
different points of view.
Actually, I made a mistake writing my post: My friend told me that the
sales person believes that POP3 has security problems and is
vulnerable so recommends IMAP as a replacement of use at final users.

Anyway, it doesn't matter what the sales person really said because I
can see now that the argument of using one protocol instead the other
one depends much of the context.
The POP3/IMAP server (now running Zimbra) is running at my friend's
office with all his users using POP3. I will migrate its mailserver to
Cyrus + MTA+other components...and they plan to use IMAP now.

I will explain him every point of view that you shared with me. Thanks again :)


More information about the Info-cyrus mailing list