Secure password sent via POP3

I have heard that the protocol POP3 is sending my e-mail passwords via Internet without encryption.
Could you advise me how to secure my passwords?

Who is Participating?
deaditeConnect With a Mentor Commented:
1) Why ISP?  Because your ISP hosts your email server(s).  If their servers are not configured to use secure POP3, they are not encrypted.  If it is set, as stated, you need to configure your email client to use the secured port.  Both your POP3 and SMTP settings depend on your ISP email server settings.  Whether you are requesting to send email or requesting to retrieve email it still goes through your email server.

2) Is my communication more secure now?  If you are configured to use secure POP3/SMTP then the answer is yes.  Your username and password are not sent in clear text.  Can you test this? Yes, download ethereal and sniff your network traffic.  In the case you are setup with none secured ports... you will see SMTP traffic that shows your username/password in clear text.  In the case that you have it setup, you'll see nothing but encrypted text.  

Here is an article explaining how your ISP would implement this using an Exchange email server.

Are there other ways of checking your email securely?  Yes, if your ISP provides you with webmail access.  Instead of using Microsoft outlook or any other email client, you would open a web browser and connect to your ISP's webmail  When you go to the login page, you should notice the use of "https" not "http".  This is simply secured (encrypted) http traffic most likely using SSL.  When you login with your username/password, they are securely sent over the internet.  Don't believe me, again sniff it with ethereal and you will not see your username/password in clear text.

Pete LongConnect With a Mentor Technical ConsultantCommented:
Your ISP would need to support Secure POP and you would need to find what port thay were using for secure POP then change your outlook/outlook express client to use that port number instead of TCP port 110 (POP3)

TCP port 995 is commonly used for Secure POP but check with your ISP
xRalfAuthor Commented:
Why ISP? SMTP depends on my ISP, but POP3 sends the password only to my e-mail account (it only goes via my ISP).

I changed the port number (in Opera) to 995 and it is working. Is my communication more secure now? Could you prove it? Or could I read somewhere about it (e.g. some RFC)?

KuppingerCole Reviews AlgoSec in Executive Report

Leading analyst firm, KuppingerCole reviews AlgoSec's Security Policy Management Solution, and the security challenges faced by companies today in their Executive View report.

Greetings, xRalf !

Here is some information about secure port 995

Best wishes!
xRalfAuthor Commented:
Hi war1,
that's nice, but there aren't answers for my questions.
This info does not answer your question?

"Secured POP3 (TLS/SSL) [was spop3]. SSL-encrypted POP3 service for encrypted mail transfer. Also used by mail servers such as NT's Exchange Server for user auth."
xRalfAuthor Commented:
My questions were.
1) Why ISP?
2)  Is my communication more secure now? Could you prove it? Or could I read somewhere about it (e.g. some RFC)?
     I wanted to know, how can I recognize that my password is open with POP3 and encrypted with sPOP3? Could I use some program    (in Windows XP, in Linux)? I'd like to see the packets.

Sometimes I will probably read the protocol sPOP3, but if I can, I just ask (that's faster).
Almost forgot,

Download ethereal here:

You should just need to check 2 settings I think under the "Options" menu.  Make sure it is running in promiscuous mode, and make sure you select your network adaptor (not the default generic one) or else you probably won't get any packets.
xRalfAuthor Commented:
Thanks everybody
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.