I wondering why nobody answered neither here, no in your comsul blog if I'm not wrong ;) on that very simple question. Basically, I don't see any big concern because the protocol is secure by itself. Yes, IMAP deamons have been know as buggy, simple because of early bad implementations, take UW Imapd as that bad example. Also, IMAP've got more features then POP3 i.e. more chances to make a mistake. But it doesn't mean you can't write a proper one. Just use daemons (this is not only implacable for IMAP, btw) which are written with security in mind. One well known good example of such is the open source project at http://www.dovecot.org/. Also, have a look at the fact that Gmail has opened up Imap access for the entire World. Security is possible :)
2008/7/13 Kokhong Cheng <[EMAIL PROTECTED]>: > Hello, > > This is strictly not about Linux, but since Linux users have a whole lot of > expertise in most other things, I thought I'd try asking here too. > > I've been confused by a conversation I've had with an old I.T. veteran. I > asked him why he did not enable IMAP on his company's email server (instead, > allowing POP3/SMTP). His reply was that IMAP has security concerns (but he > did not specify what), and that IMAP was susceptible to Directory Harvest > Attacks. > > I did some checking on the web, and found out that DHA is associated with > SMTP. Nowhere did IMAP come into the picture. Since I am not an IMAP expert, > I also did not want to challenge this IT pro who has at least a good ten > years more experience than me. > > So now I'm looking for a second opinion from anyone on this list who might > be in the know. > > I'd be grateful to anyone who can throw some light on the matter. > > Thanks! > Kokhong > > _______________________________________________ > Slugnet mailing list > [email protected] > http://wiki.lugs.org.sg/LugsMailingListFaq > http://www.lugs.org.sg/mailman/listinfo/slugnet > _______________________________________________ Slugnet mailing list [email protected] http://wiki.lugs.org.sg/LugsMailingListFaq http://www.lugs.org.sg/mailman/listinfo/slugnet
