[techtalk] POP mail

Samantha Jo Moore sjmoore at TheTahoeGroup.com
Wed Dec 15 15:06:25 EST 1999

> okay, what's this i've heard about "Secure POP"? I'm assuming this is a
> modified POP that sets up a secure connection between the server and the
> client, to avoid sniffing?

Yes.  The problem with regular POP servers is that they establish an
ASCII based conversation through stdio.  You can check this by doing

   telnet your_pop_server 110

which will reply with something like:
+OK QPOP (version x.xx) at your_pop_server starting.

You can continue this conversation by typing:

   user your_account_name

and you'll see the prompt:

+OK Password required for your_account_name

to which you need to type:

   pass your_password

which will log you in to the server.  Now, if you notice, the password
you typed was visible to you.  When your mail client establishes this
connection it does exactly the same, sending your account name and 
password UNSCRAMBLED over the connection.  Anybody sniffing your
line could catch your password and account name, and then who knows
what they might do?

I don't know exactly how it works, but secure pop provides for a secure
mechanism of transmitting these data items, and possibly the content of
the mail comming back to you.

Samantha Jo Moore
sjmoore at thetahoegroup.com

techtalk at linuxchix.org   http://www.linuxchix.org

More information about the Techtalk mailing list