I have a client that because of outside contraints needs to forward all his exchange box email to a outside account via pop3. I don't like the security of pop3 because of the clear text passwords and this particular user has some heavy access rights. What I did was to setup another user with a email account and forward the real users email to this account. The outside program then connects to our server and retrieves the forward email from a mailbox with as little rights as possible. This works great but I would like to lock down the account that I use to forward mail for the pop3 mail transfer. Right not the user is a domain user. I could probably do better with some more testing but don't have the time. I am looking for some guiadance on how to lock down the pop3 accout. SSL is not an option here since I don't have control over the software that retrieves the pop3 mail. I look forward to you answers.