Solved

Secure password sent via POP3

Posted on 2006-11-18
9
401 Views
Last Modified: 2010-05-18
Hello,
I have heard that the protocol POP3 is sending my e-mail passwords via Internet without encryption.
Could you advise me how to secure my passwords?

thanks
0
Comment
Question by:xRalf
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
  • 2
  • +1
9 Comments
 
LVL 57

Assisted Solution

by:Pete Long
Pete Long earned 20 total points
ID: 17971190
Your ISP would need to support Secure POP and you would need to find what port thay were using for secure POP then change your outlook/outlook express client to use that port number instead of TCP port 110 (POP3)

TCP port 995 is commonly used for Secure POP but check with your ISP
0
 
LVL 6

Author Comment

by:xRalf
ID: 17971223
Why ISP? SMTP depends on my ISP, but POP3 sends the password only to my e-mail account (it only goes via my ISP).

I changed the port number (in Opera) to 995 and it is working. Is my communication more secure now? Could you prove it? Or could I read somewhere about it (e.g. some RFC)?

thanks
0
 
LVL 97

Expert Comment

by:war1
ID: 17971697
Greetings, xRalf !

Here is some information about secure port 995
http://www.auditmypc.com/port/udp-port-995.asp

Best wishes!
0
Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

 
LVL 6

Author Comment

by:xRalf
ID: 17971721
Hi war1,
that's nice, but there aren't answers for my questions.
0
 
LVL 97

Expert Comment

by:war1
ID: 17971755
This info does not answer your question?

"Secured POP3 (TLS/SSL) [was spop3]. SSL-encrypted POP3 service for encrypted mail transfer. Also used by mail servers such as NT's Exchange Server for user auth."
0
 
LVL 6

Author Comment

by:xRalf
ID: 17971783
My questions were.
1) Why ISP?
2)  Is my communication more secure now? Could you prove it? Or could I read somewhere about it (e.g. some RFC)?
     I wanted to know, how can I recognize that my password is open with POP3 and encrypted with sPOP3? Could I use some program    (in Windows XP, in Linux)? I'd like to see the packets.

Sometimes I will probably read the protocol sPOP3, but if I can, I just ask (that's faster).
thanks
0
 
LVL 8

Accepted Solution

by:
deadite earned 25 total points
ID: 17973883
1) Why ISP?  Because your ISP hosts your email server(s).  If their servers are not configured to use secure POP3, they are not encrypted.  If it is set, as stated, you need to configure your email client to use the secured port.  Both your POP3 and SMTP settings depend on your ISP email server settings.  Whether you are requesting to send email or requesting to retrieve email it still goes through your email server.

2) Is my communication more secure now?  If you are configured to use secure POP3/SMTP then the answer is yes.  Your username and password are not sent in clear text.  Can you test this? Yes, download ethereal and sniff your network traffic.  In the case you are setup with none secured ports... you will see SMTP traffic that shows your username/password in clear text.  In the case that you have it setup, you'll see nothing but encrypted text.  

Here is an article explaining how your ISP would implement this using an Exchange email server.
http://www.msexchange.org/pages/article.asp?id=583

Are there other ways of checking your email securely?  Yes, if your ISP provides you with webmail access.  Instead of using Microsoft outlook or any other email client, you would open a web browser and connect to your ISP's webmail server....ie: https://mail.myisp.com  When you go to the login page, you should notice the use of "https" not "http".  This is simply secured (encrypted) http traffic most likely using SSL.  When you login with your username/password, they are securely sent over the internet.  Don't believe me, again sniff it with ethereal and you will not see your username/password in clear text.

SSL
http://www.webopedia.com/TERM/S/SSL.html
0
 
LVL 8

Expert Comment

by:deadite
ID: 17973886
Almost forgot,

Download ethereal here:
http://www.ethereal.com/download.html

You should just need to check 2 settings I think under the "Options" menu.  Make sure it is running in promiscuous mode, and make sure you select your network adaptor (not the default generic one) or else you probably won't get any packets.
0
 
LVL 6

Author Comment

by:xRalf
ID: 17974067
Thanks everybody
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Here's a look at newsworthy articles and community happenings during the last month.
There is a lot to be said for protecting yourself and your accounts with 2 factor authentication.  I found to my own chagrin, that there is a big downside as well.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question