Last time we saw the SMTP service and risks attached with it like e-mail bombing and spamming. Today we take a look at the Post Office Protocol (POP).
Post Office Protocol (POP)
As an Internet standard, POP (Post Office Protocol) defines the means of accessing and downloading electronic mail from a server. POP clients use the SMTP protocol to SEND messages, POP is only used to retrieve messages. POP version 2, or POP2 (or POP3) are standards wide in use, especially POP3, which added some new functionality to the interface. POP is also a TCP/IP based protocol, meaning you need a network connection between client and host.
POP2 or POP3 clients are available from a wide variety of sources on the Internet for MSDOS, Windows, OS/2, UNIX, Macintosh, and several other platforms. As you probably already know, POP clients look and feel just like PC-based e-mail packages and require no access to the host (server) other than a mailbox and mailbox password.
With POP, mail is delivered to a shared server, which then is retrieved by an user that connects to the server and downloads all of the pending mail to the "client" machine. Thereafter, all mail processing is local to the client machine.
But you must keep in mind that when you are dealing with POP configuration you ultimately are dealing with private information coming and going through it. You are dealing with issues such confidentiality, integrity and liabilities! Thus, I recommend you not to allow your users to transfer mail over the Internet through a POP, because it can reveal passwords and the messages are totally unprotected. If they must transfer it, then implement packet filtering. You might be able to implement some proxy too, but it will require some minor coding.
Multimedia Internet Mail Extensions (MIME)
MIME is an acronym for Multipurpose Internet Mail Extensions. The standard for attaching non-text files to standard Internet mail messages. Unfortunately, MIME is not secure. Thus, RSA developed S/MIME, which is a specification for secure MIME by offering authentication (using digital signatures) and privacy (using encryption).
S/MIME, PGP, and PEM are similar, as they specify methods for securing your electronic mail. However, PGP can be thought of as both a specification and an application as it relies on users to exchange keys and establish trust in each other. S/MIME, on the other hand, utilizes hierarchies in which the roles of the user and the certifier are formalized, which makes S/MIME more secure and more scaleable than PGP implementations.
Go To Page: 1 2
