Jason Voorhees wrote: JV> a sales person told my friend that IMAP protocol is JV> less secure than POP3 protocol. Other people have covered the IMAP vs POP3 issues - Ian Batten most comprehensively - but one comment I would add is that if you make either service available to the open internet, even under SSL encryption, password-based authentication is still susceptible to dictionary attack. So IMAP and/or POP3 (and/or SMTP AUTH) should be included in the list of things you rate limit, monitor for bad password attempts, and lock remote hosts out of if it they do things that look suspicious. Cheers Duncan -- Duncan Gibb, Technical Director Sirius Corporation plc - The Open Source Experts http://www.siriusit.co.uk/ || +44 870 608 0063 ---- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
