Den Delimarsky

I am an engineer working on API documentation, security and machine learning.

github twitter linkedin rss

Unencrypted IMAP connection? Bad idea – here’s why

Aug 25, 2011
One minute read

There are plenty of people out there who are using IMAP-based accounts in various mail clients. Some of them are configured not to use an encrypted connection, and that is a serious problem. Not yet convinced? Take a look at this.

Image is not available

Obviously, parts of IP addresses and login data are removed. But you get the idea – without encryption, the data is transmitted in plain text through the IMAP protocol. Make sure you switch to a SSL connection, if it is supported by the server.

Image is not available

This does not eliminate a set of other security problems, but it mitigates one of them. Remember:

IMAP4rev1 protocol transactions, including electronic mail data, are sent in the clear over the network unless protection from snooping is negotiated. This can be accomplished either by the use of STARTTLS, negotiated privacy protection in the AUTHENTICATE command, or some other protection mechanism.

Source


Back to posts