Skip to main content
  1. Writing/

Unencrypted IMAP Connection Is A Bad Idea – Here's Why

·160 words

There are plenty of people out there who are using IMAP-based accounts in various mail clients. Some of them are configured not to use an encrypted connection, and that is a serious problem. Not yet convinced? Take a look at this.

Image lost since transition to new blog.

Obviously, parts of IP addresses and login data are removed. But you get the idea – without encryption, the data is transmitted in plain text through the IMAP protocol. Make sure you switch to a SSL connection, if it is supported by the server.

Image lost since transition to new blog.

This does not eliminate a set of other security problems, but it mitigates one of them. Remember:

IMAP4rev1 protocol transactions, including electronic mail data, are sent in the clear over the network unless protection from snooping is negotiated. This can be accomplished either by the use of STARTTLS, negotiated privacy protection in the AUTHENTICATE command, or some other protection mechanism.