• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 404
  • Last Modified:

Secure password sent via POP3

Hello,
I have heard that the protocol POP3 is sending my e-mail passwords via Internet without encryption.
Could you advise me how to secure my passwords?

thanks
0
xRalf
Asked:
xRalf
  • 4
  • 2
  • 2
  • +1
2 Solutions
 
Pete LongConsultantCommented:
Your ISP would need to support Secure POP and you would need to find what port thay were using for secure POP then change your outlook/outlook express client to use that port number instead of TCP port 110 (POP3)

TCP port 995 is commonly used for Secure POP but check with your ISP
0
 
xRalfAuthor Commented:
Why ISP? SMTP depends on my ISP, but POP3 sends the password only to my e-mail account (it only goes via my ISP).

I changed the port number (in Opera) to 995 and it is working. Is my communication more secure now? Could you prove it? Or could I read somewhere about it (e.g. some RFC)?

thanks
0
 
war1Commented:
Greetings, xRalf !

Here is some information about secure port 995
http://www.auditmypc.com/port/udp-port-995.asp

Best wishes!
0
Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

 
xRalfAuthor Commented:
Hi war1,
that's nice, but there aren't answers for my questions.
0
 
war1Commented:
This info does not answer your question?

"Secured POP3 (TLS/SSL) [was spop3]. SSL-encrypted POP3 service for encrypted mail transfer. Also used by mail servers such as NT's Exchange Server for user auth."
0
 
xRalfAuthor Commented:
My questions were.
1) Why ISP?
2)  Is my communication more secure now? Could you prove it? Or could I read somewhere about it (e.g. some RFC)?
     I wanted to know, how can I recognize that my password is open with POP3 and encrypted with sPOP3? Could I use some program    (in Windows XP, in Linux)? I'd like to see the packets.

Sometimes I will probably read the protocol sPOP3, but if I can, I just ask (that's faster).
thanks
0
 
deaditeCommented:
1) Why ISP?  Because your ISP hosts your email server(s).  If their servers are not configured to use secure POP3, they are not encrypted.  If it is set, as stated, you need to configure your email client to use the secured port.  Both your POP3 and SMTP settings depend on your ISP email server settings.  Whether you are requesting to send email or requesting to retrieve email it still goes through your email server.

2) Is my communication more secure now?  If you are configured to use secure POP3/SMTP then the answer is yes.  Your username and password are not sent in clear text.  Can you test this? Yes, download ethereal and sniff your network traffic.  In the case you are setup with none secured ports... you will see SMTP traffic that shows your username/password in clear text.  In the case that you have it setup, you'll see nothing but encrypted text.  

Here is an article explaining how your ISP would implement this using an Exchange email server.
http://www.msexchange.org/pages/article.asp?id=583

Are there other ways of checking your email securely?  Yes, if your ISP provides you with webmail access.  Instead of using Microsoft outlook or any other email client, you would open a web browser and connect to your ISP's webmail server....ie: https://mail.myisp.com  When you go to the login page, you should notice the use of "https" not "http".  This is simply secured (encrypted) http traffic most likely using SSL.  When you login with your username/password, they are securely sent over the internet.  Don't believe me, again sniff it with ethereal and you will not see your username/password in clear text.

SSL
http://www.webopedia.com/TERM/S/SSL.html
0
 
deaditeCommented:
Almost forgot,

Download ethereal here:
http://www.ethereal.com/download.html

You should just need to check 2 settings I think under the "Options" menu.  Make sure it is running in promiscuous mode, and make sure you select your network adaptor (not the default generic one) or else you probably won't get any packets.
0
 
xRalfAuthor Commented:
Thanks everybody
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 4
  • 2
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now