IMAP and POP - Security Implications?


I have several users who want IMAP or POP access to their Exchange accounts due to the fact that Outlook will only allow them to be connected to one Exchange server at a time.  We have RPC/HTTPS for general remote access and I'm rather reluctant to open up IMAP and POP.  Could somebody tell me what the security implications are of opening these services up?  Obviously the smaller my external footprint the better, but have there been any historical instances of vulnerabilities or exploits on IMAP and POP Exchange services?


Busbar (Solutions Architect) Commented:
First, they are open ports on your firewall, and POP3 is not secure because it uses plain text. Unless you use POP3S, you are sending everything in plain text that could be captured by a sniffer and used by a hacker.

justin-fielding (Author) Commented:
That's exactly my point, open ports are never a good thing.  Obviously I would use POP3S and IMAPS but I'm still reluctant.  However, unless I can show that there's a concrete reason for keeping POP and IMAP disabled (e.g. a history of known security issues) then I'm going to have to open them up.

Did everyone get iPhones for Christmas or something??  I wrote a policy for my company that the only way to access email remotely is either through encrypted OWA VPN or our Citrix implementation.  I have not heard of too many problems with IMAPS or POP3S for security reasons, but to be safe I would come up with a list of approved devices they could use to get email from those 2 ports.  Some devices out there still don't have POPS or IMAPS support.
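
A defender-side check for the plain-text concern raised in this thread, as an added example that is not part of the original posts: it parses a POP3 CAPA (RFC 2449) or IMAP CAPABILITY (RFC 3501) response and reports whether passwords could be sent before TLS is established. The function names and the sample responses are constructed for illustration and were not captured from any real server.

```python
CLEARTEXT_SASL = {"PLAIN", "LOGIN"}  # mechanisms that send the password unprotected


def audit_pop3(capa_lines, tls_active=False):
    """Return findings for a POP3 CAPA response given as a list of lines."""
    caps = {}
    for line in capa_lines:
        line = line.strip()
        if not line or line == "." or line.startswith("+OK"):
            continue  # skip the status line and the terminating dot
        name, *args = line.upper().split()
        caps[name] = set(args)
    findings = []
    if tls_active:
        return findings  # credentials already travel inside the TLS tunnel
    if "USER" in caps:
        findings.append("POP3: USER/PASS offered before TLS")
    weak = caps.get("SASL", set()) & CLEARTEXT_SASL
    if weak:
        findings.append("POP3: SASL " + "/".join(sorted(weak)) + " offered before TLS")
    if "STLS" not in caps:
        findings.append("POP3: no STLS upgrade advertised")
    return findings


def audit_imap(capability_line, tls_active=False):
    """Return findings for a single IMAP CAPABILITY line."""
    tokens = capability_line.upper().split()
    caps = set(tokens[tokens.index("CAPABILITY") + 1:]) if "CAPABILITY" in tokens else set()
    findings = []
    if tls_active:
        return findings
    if "LOGINDISABLED" not in caps:
        findings.append("IMAP: LOGIN command permitted before TLS")
    weak = sorted(m for m in CLEARTEXT_SASL if "AUTH=" + m in caps)
    if weak:
        findings.append("IMAP: AUTH=" + "/".join(weak) + " offered before TLS")
    if "STARTTLS" not in caps:
        findings.append("IMAP: no STARTTLS upgrade advertised")
    return findings

# Constructed sample responses (assumptions for this example only).
POP3_WEAK = ["+OK Capability list follows", "TOP", "USER", "SASL PLAIN LOGIN", "UIDL", "."]
POP3_HARDENED = ["+OK", "TOP", "UIDL", "STLS", "."]
IMAP_WEAK = "* CAPABILITY IMAP4rev1 AUTH=PLAIN"
IMAP_HARDENED = "* CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED"

if __name__ == "__main__":
    print("\n".join(audit_pop3(POP3_WEAK) + audit_imap(IMAP_WEAK)))
```

An empty result on the plain-text ports (110 and 143) means the server only accepts credentials after a TLS upgrade; the implicit-TLS ports (995 and 993) correspond to `tls_active=True`.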