On Thu, 28 May 2020, Daniele Nicolodi asked:
The IT department of the organization that is pushing thins says that
modern authentication and disabling IMAP (over SSL) enhance security.
I don't see how this is the case. Does anyone have an opinion?
Phil Pennock replied:
PP> As to IMAP/TLS -- I know of no security reason to mandate disabling
PP> IMAP as opposed to any other access protocol. This sounds more like
PP> the traditional Outlook FUD-spreading re open protocols.
For the 95% or more of users who only use Microsoft clients and thus
don't use IMAP, disabling IMAP means that dictionary attacks over
ports 143 or 993 are impossible.
On the basis that a computer that is switched off, unplugged and
encased in concrete is more secure from hackers than one that is not,
what that IT department says is accurate.
Different people's minds work in different ways. For those whose minds
don't match Microsoft's model mind, forcing us to use their clients
can kill productivity.
--
Andrew C. Aitchison Kendal, UK
[email protected]
_______________________________________________
mailop mailing list
[email protected]
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
