Solved

Secure password sent via POP3

Posted on 2006-11-18
9
396 Views
Last Modified: 2010-05-18
Hello,
I have heard that the protocol POP3 is sending my e-mail passwords via Internet without encryption.
Could you advise me how to secure my passwords?

thanks
0
Comment
Question by:xRalf
  • 4
  • 2
  • 2
  • +1
9 Comments
 
LVL 57

Assisted Solution

by:Pete Long
Pete Long earned 20 total points
ID: 17971190
Your ISP would need to support Secure POP and you would need to find what port thay were using for secure POP then change your outlook/outlook express client to use that port number instead of TCP port 110 (POP3)

TCP port 995 is commonly used for Secure POP but check with your ISP
0
 
LVL 6

Author Comment

by:xRalf
ID: 17971223
Why ISP? SMTP depends on my ISP, but POP3 sends the password only to my e-mail account (it only goes via my ISP).

I changed the port number (in Opera) to 995 and it is working. Is my communication more secure now? Could you prove it? Or could I read somewhere about it (e.g. some RFC)?

thanks
0
 
LVL 97

Expert Comment

by:war1
ID: 17971697
Greetings, xRalf !

Here is some information about secure port 995
http://www.auditmypc.com/port/udp-port-995.asp

Best wishes!
0
 
LVL 6

Author Comment

by:xRalf
ID: 17971721
Hi war1,
that's nice, but there aren't answers for my questions.
0
Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

 
LVL 97

Expert Comment

by:war1
ID: 17971755
This info does not answer your question?

"Secured POP3 (TLS/SSL) [was spop3]. SSL-encrypted POP3 service for encrypted mail transfer. Also used by mail servers such as NT's Exchange Server for user auth."
0
 
LVL 6

Author Comment

by:xRalf
ID: 17971783
My questions were.
1) Why ISP?
2)  Is my communication more secure now? Could you prove it? Or could I read somewhere about it (e.g. some RFC)?
     I wanted to know, how can I recognize that my password is open with POP3 and encrypted with sPOP3? Could I use some program    (in Windows XP, in Linux)? I'd like to see the packets.

Sometimes I will probably read the protocol sPOP3, but if I can, I just ask (that's faster).
thanks
0
 
LVL 8

Accepted Solution

by:
deadite earned 25 total points
ID: 17973883
1) Why ISP?  Because your ISP hosts your email server(s).  If their servers are not configured to use secure POP3, they are not encrypted.  If it is set, as stated, you need to configure your email client to use the secured port.  Both your POP3 and SMTP settings depend on your ISP email server settings.  Whether you are requesting to send email or requesting to retrieve email it still goes through your email server.

2) Is my communication more secure now?  If you are configured to use secure POP3/SMTP then the answer is yes.  Your username and password are not sent in clear text.  Can you test this? Yes, download ethereal and sniff your network traffic.  In the case you are setup with none secured ports... you will see SMTP traffic that shows your username/password in clear text.  In the case that you have it setup, you'll see nothing but encrypted text.  

Here is an article explaining how your ISP would implement this using an Exchange email server.
http://www.msexchange.org/pages/article.asp?id=583

Are there other ways of checking your email securely?  Yes, if your ISP provides you with webmail access.  Instead of using Microsoft outlook or any other email client, you would open a web browser and connect to your ISP's webmail server....ie: https://mail.myisp.com  When you go to the login page, you should notice the use of "https" not "http".  This is simply secured (encrypted) http traffic most likely using SSL.  When you login with your username/password, they are securely sent over the internet.  Don't believe me, again sniff it with ethereal and you will not see your username/password in clear text.

SSL
http://www.webopedia.com/TERM/S/SSL.html
0
 
LVL 8

Expert Comment

by:deadite
ID: 17973886
Almost forgot,

Download ethereal here:
http://www.ethereal.com/download.html

You should just need to check 2 settings I think under the "Options" menu.  Make sure it is running in promiscuous mode, and make sure you select your network adaptor (not the default generic one) or else you probably won't get any packets.
0
 
LVL 6

Author Comment

by:xRalf
ID: 17974067
Thanks everybody
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Even if you have implemented a Mobile Device Management solution company wide, it is a good idea to make sure you are taking into account all of the major risks to your electronic protected health information (ePHI).
Container Orchestration platforms empower organizations to scale their apps at an exceptional rate. This is the reason numerous innovation-driven companies are moving apps to an appropriated datacenter wide platform that empowers them to scale at a …
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now