Is POP3,SMTP-supported email more secure than HTTP-supported email?

Discussion in 'Security Software' started by Now, Aug 18, 2004.

  1. Now

    Now Guest

    Now, Aug 18, 2004
    1. Advertisements

  2. Now

    Now Guest

    But Why?
    Now, Aug 18, 2004
    1. Advertisements

  3. Now

    N. Miller Guest


    I almost gave up on your original post. I don't much care to comment on
    empty messages. But, at least you got over the 'uncute' technique of putting
    the entire message in the Subject: line, so here goes...

    E-mail sent via SMTP is transmitted in plain text. It can be read by anyone
    who has access to the servers between the MTA which accepts the submission
    to the MDA. And, if the user sets his MUA to leave messages on the server
    after delivery, they are still available to be read by human eyes with
    access to that server. The POP3 aspect of email is only slightly more secure
    than HTTP mail, and its cousin, IMAP, in this regard; if the MUA actually
    deletes the message from the server, that message will be gone once the
    backup media is overwritten.

    MTA=Mail Transport Agent; all of the SMTP servers from the point of
    submission to the point of delivery.

    MDA=Mail Delivery Agent; the last SMTP server in the chain of SMTP server
    handling the SMTP mail. From the side that accepts the email, it looks like
    an SMTP server, but from the side where the mail is picked up it looks like
    a POP3 server.

    MUA=Mail User Agent; the client which submits email to an SMTP server, or
    retrieves it from a POP3 server. MS Outlook Express is an MUA.

    POP3=Post Office Protocol (rev.3); the protocol defining how the MUA will
    interact with the MDA to retrieve email.

    SMTP=Simple Mail Transport Protocol; the protocol defining how the email
    will be relayed through MTAs, from the submitting client to the MDA.
    N. Miller, Aug 18, 2004
  4. news group, <=?Utf-8?B?QXJlZiBNb2lu?= <Aref
    >> says...
    POP3, SMTP, and IMAP can all now be run over SSL. Nothing new is needed
    Paul Adare - MVP - Microsoft Virtual PC, Aug 18, 2004
  5. In the last exciting episode, Aref Moin <Aref
    So all we need is a highly scalable digital signature CA which allows
    for administrative delegation or chaining to corporate entities along
    with a redesign of SMTP/POP3 and IMAP clients? And universal adoption
    and upgrade of existing infrastructures? Can I get that by Thursday?
    Chris Scharff [MVP], Aug 18, 2004
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.