Adam McKenna wrote:
>
> On Sun, Jul 02, 2000 at 11:47:20PM +0200, Peter van Dijk wrote:
> > On Sun, Jul 02, 2000 at 12:53:04PM -0700, Joseph R. Junkin wrote:
> > > What exactly is APOP?
> >
> > APOP is an authentication mechanism for POP, in which passwords are not
> > transmitted cleartext but *do* need to be in a cleartext-list on the
> > server.
>
> Which is the reason I'll never use it.
The way I understand it is that apop uses more of a secret and not a password. I just
finished
putting in apop support for a pop server I wrote for a webmail system. Users don't
use their normal
password, but instead have the server generate a random secret that is about 50
characters long,
then they cut/paste that secret into their MUA. Also, according to rfc1939 a pop3
account
shouldn't allow both user/pass and apop for a given user.
>
> > > Is it supported by outlook and Netscape (ie typical clients)?
> >
> > As far as I know, yes.
>
> Nope. The only client (afaik) that supports APOP is Eudora. I know for sure
> that Outlook and Outlook Express do not, and I'm pretty sure that Netscape
> doesn't either.
>
> The most supported way of doing (more) secure email is to run it over SSL.
>
> --Adam
