Solved

Secure password sent via POP3

Posted on 2006-11-18
9
397 Views
Last Modified: 2010-05-18
Hello,
I have heard that the protocol POP3 is sending my e-mail passwords via Internet without encryption.
Could you advise me how to secure my passwords?

thanks
0
Comment
Question by:xRalf
  • 4
  • 2
  • 2
  • +1
9 Comments
 
LVL 57

Assisted Solution

by:Pete Long
Pete Long earned 20 total points
ID: 17971190
Your ISP would need to support Secure POP and you would need to find what port thay were using for secure POP then change your outlook/outlook express client to use that port number instead of TCP port 110 (POP3)

TCP port 995 is commonly used for Secure POP but check with your ISP
0
 
LVL 6

Author Comment

by:xRalf
ID: 17971223
Why ISP? SMTP depends on my ISP, but POP3 sends the password only to my e-mail account (it only goes via my ISP).

I changed the port number (in Opera) to 995 and it is working. Is my communication more secure now? Could you prove it? Or could I read somewhere about it (e.g. some RFC)?

thanks
0
 
LVL 97

Expert Comment

by:war1
ID: 17971697
Greetings, xRalf !

Here is some information about secure port 995
http://www.auditmypc.com/port/udp-port-995.asp

Best wishes!
0
 
LVL 6

Author Comment

by:xRalf
ID: 17971721
Hi war1,
that's nice, but there aren't answers for my questions.
0
Free camera licenses with purchase of My Cloud NAS

Milestone Arcus software is compatible with thousands of industry-leading cameras for added flexibility. Upon installation on your My Cloud NAS, you will receive two (2) camera licenses already enabled in the software. And for a limited time, get additional camera licenses FREE.

 
LVL 97

Expert Comment

by:war1
ID: 17971755
This info does not answer your question?

"Secured POP3 (TLS/SSL) [was spop3]. SSL-encrypted POP3 service for encrypted mail transfer. Also used by mail servers such as NT's Exchange Server for user auth."
0
 
LVL 6

Author Comment

by:xRalf
ID: 17971783
My questions were.
1) Why ISP?
2)  Is my communication more secure now? Could you prove it? Or could I read somewhere about it (e.g. some RFC)?
     I wanted to know, how can I recognize that my password is open with POP3 and encrypted with sPOP3? Could I use some program    (in Windows XP, in Linux)? I'd like to see the packets.

Sometimes I will probably read the protocol sPOP3, but if I can, I just ask (that's faster).
thanks
0
 
LVL 8

Accepted Solution

by:
deadite earned 25 total points
ID: 17973883
1) Why ISP?  Because your ISP hosts your email server(s).  If their servers are not configured to use secure POP3, they are not encrypted.  If it is set, as stated, you need to configure your email client to use the secured port.  Both your POP3 and SMTP settings depend on your ISP email server settings.  Whether you are requesting to send email or requesting to retrieve email it still goes through your email server.

2) Is my communication more secure now?  If you are configured to use secure POP3/SMTP then the answer is yes.  Your username and password are not sent in clear text.  Can you test this? Yes, download ethereal and sniff your network traffic.  In the case you are setup with none secured ports... you will see SMTP traffic that shows your username/password in clear text.  In the case that you have it setup, you'll see nothing but encrypted text.  

Here is an article explaining how your ISP would implement this using an Exchange email server.
http://www.msexchange.org/pages/article.asp?id=583

Are there other ways of checking your email securely?  Yes, if your ISP provides you with webmail access.  Instead of using Microsoft outlook or any other email client, you would open a web browser and connect to your ISP's webmail server....ie: https://mail.myisp.com  When you go to the login page, you should notice the use of "https" not "http".  This is simply secured (encrypted) http traffic most likely using SSL.  When you login with your username/password, they are securely sent over the internet.  Don't believe me, again sniff it with ethereal and you will not see your username/password in clear text.

SSL
http://www.webopedia.com/TERM/S/SSL.html
0
 
LVL 8

Expert Comment

by:deadite
ID: 17973886
Almost forgot,

Download ethereal here:
http://www.ethereal.com/download.html

You should just need to check 2 settings I think under the "Options" menu.  Make sure it is running in promiscuous mode, and make sure you select your network adaptor (not the default generic one) or else you probably won't get any packets.
0
 
LVL 6

Author Comment

by:xRalf
ID: 17974067
Thanks everybody
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Three simple tips to quickly and efficiently back up and protect the contents of your PC and Mac®.
These days, all we hear about hacktivists took down so and so websites and retrieved thousands of user’s data. One of the techniques to get unauthorized access to database is by performing SQL injection. This article is quite lengthy which gives bas…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now