IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [imap]

Internet Message Access Protocol, or IMAP, is a mail protocol used in the retrieval of mail from a mailbox. In comparison to POP, IMAP is designed to allow the complete management of a mailbox using multiple different mail clients, this means that unlike POP, mail retrieved over the IMAP protocol will by default also remain on the mail server, unless explicitly deleted by the user.

Internet Message Access Protocol, or IMAP, is a mail protocol used in the retrieval of mail from a mailbox. In comparison to POP, IMAP is designed to allow the complete management of a mailbox using multiple different mail clients, this means that unlike POP, mail retrieved over the IMAP protocol will by default also remain on the mail server, unless explicitly deleted by the user.

Related reading

40 questions
80
votes
3 answers

What are the dangers of allowing "less secure apps" to access my Google account?

According to https://support.google.com/accounts/answer/6010255: Google may block sign in attempts from some apps or devices that do not use modern security standards. Since these apps and devices are easier to break into, blocking them helps keep…
Hjulle
  • 906
  • 1
  • 6
  • 10
39
votes
2 answers

How do email clients "send later" without storing a password?

Email clients like Spark for macOS have a feature where a user can send an email later, at any given time, even when the computer is turned off. An SMTP server needs a password based authentication, though. Does that mean that if I use Spark to send…
NikxDa
  • 773
  • 1
  • 5
  • 12
13
votes
4 answers

Does IMAP/POP3/ASP undermine Two-Factor Auth?

When I log in to hotmail or Google or posteo I can only log in using the 2FA that I have set up. However, each provider seems to have an alternative for apps that do not auth via a web client. Hotmail/Google: 16-lowercase-characters "app-specific"…
CCXD
  • 131
  • 1
  • 1
  • 3
11
votes
3 answers

How to store passwords securely in my server?

Disclaimer: I know I should use bcrypt to securely store user's passwords. Please, keep reading. I want to store credentials for several email services for each user. So if I log in with my username and password (which is properly hashed), then I…
Francisco Presencia
  • 675
  • 1
  • 6
  • 20
8
votes
2 answers

Why are common services using implicit SSL not considered obsolete in the way that SMTPS is?

SMTPS (implicit SSL) has been deprecated/obsolete since SMTP+STARTTLS (explicit SSL) was defined in RFC2487. I'm not entirely clear on the reasoning behind that, but it was clearly considered a good idea at the time. A parallel can be seen with IMAP…
Synchro
  • 647
  • 1
  • 6
  • 14
8
votes
2 answers

How can I track someone logged in my gmail account over imap?

Gmail tells me if someone new logged in to the web-interface (device, browser etc.) But what about IMAP logins? If someone has my password can he stealthy read my mails over IMAP?
Denis Steif
  • 81
  • 3
7
votes
2 answers

Outlook for Android uses intermediate Microsoft Servers

I have an IMAP + SMTP server running on linux, using Dovecot + Postfix. The server only accepts connections over TLS and uses plaintext authentication once the tunnel is established. I was auditing the mail logs today and was concerned by unknown…
user97661
7
votes
2 answers

How does Google store passwords for remote IMAP/POP services?

It is possible to add non-Google accounts to Gmail and retrieve their mail messages via POP or IMAP. As part of the setup process, one has to provide the login username and password for these accounts. Since POP/IMAIL requires plaintext credentials,…
WoJ
  • 8,957
  • 2
  • 32
  • 51
6
votes
3 answers

Better safety: Webmail or POP3/IMAP email client?

Which offers a higher level of safety: Webmail or using a POP3/IMAP client? Assume the following for webmail: Access via HTTPS Rarely downloading any attachments, but in cases where it may be necessary, carefully verifying the integrity and…
RockPaperLz- Mask it or Casket
  • 3,114
  • 21
  • 50
5
votes
0 answers

Should I force Thunderbird to avoid RFC5746 and CVE-2009-3555 security bugs?

I see that the latest version of Thunderbird (38.0.1) still has the defaults set to ignore the error. Is this a big problem? Should I change the defaults to enforce greater security? Here is background on the problem:…
Chloe
  • 1,668
  • 3
  • 15
  • 30
4
votes
1 answer

Do the BEAST and CRIME attacks apply to an IMAP service?

While setting up the Dovecot IMAP service, I noticed that the default parameters are not optimal, it allows SSLv3 for example. Using Thomas Pournin's TestSSLServer.java program, I saw the following: ... Minimal encryption strength: strong…
Lekensteyn
  • 5,898
  • 5
  • 37
  • 62
3
votes
3 answers

How webmail's authorisation should work?

I'm building a webmail client (like gmail). It allows the user to browse emails and send them. Under the hood, php uses IMAP and SMTP to talk with email server. user->webserver->mailserver When user wants to use my webmail, webserver asks…
user3702861
  • 419
  • 1
  • 4
  • 8
3
votes
1 answer

Opening mail from IMAP with no risk for the user

I'm building a website for an association. Its aim is to, out of other thing, provide an easy mail manager to communicate with the member, stored in a database. This database is always up to date as it used to manage the members status,…
Remy San
  • 131
  • 3
3
votes
1 answer

Why does my password appear in clear text with my smartphone mail IMAP application?

I am using the default Galaxy 5 mail application to fetch my mail with IMAP. Packet capture shows my user and password in clear text (see below). Why does my username and password appear in clear text and how to change my configuration to avoid…
user130454
3
votes
0 answers

How secure is PHP IMAP?

I'm working on a project for one of my customers. They want a web environment where the site searches for specific emails for specific users and makes the attachments of those emails accessible to view and download. The attachments I'm talking about…
LesleyTYap
  • 31
  • 2
1
2 3