Difference between APOP and POP


APOP is just a new command added to the standard POP3, which does not transfer the password in plain (e.g. with USER and PASS commands) but digest-based. Later, better authorization was added with the AUTH command, similar to how it is done with SMTP and IMAP. All these ways do not use encrypted passwords, but at most hashed passwords, which often required the POP3 server to know the cleartext password to verify the sent password.

Better is to use POP3 with TLS, e.g. either starting with a TLS connection (POP3s) or upgrading an existing connection with the STARTTLS command before doing the authentication.
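
The digest exchange and the TLS alternative described in this answer, as an added example that is not part of the original answer: the greeting and secret are the sample values from the example in RFC 1939, and the function names are hypothetical. It shows that the server can only check an APOP digest by recomputing it from the cleartext secret, next to a login that sends credentials only inside TLS using Python's `poplib`.

```python
import hashlib
import hmac
import poplib
import re
import ssl

# Constructed sample input: greeting and shared secret from the RFC 1939 example.
GREETING = b"+OK POP3 server ready <1896.697170952@dbc.mtview.ca.us>"
SECRET = b"tanstaaf"

def apop_digest(greeting: bytes, secret: bytes) -> str:
    """Client side: MD5 over the greeting's <timestamp> followed by the secret."""
    m = re.search(rb"<[^<>\s]+@[^<>\s]+>", greeting)
    if m is None:
        raise ValueError("server greeting has no APOP timestamp")
    return hashlib.md5(m.group(0) + secret).hexdigest()

def server_verify(greeting: bytes, stored_cleartext: bytes, claimed: str) -> bool:
    """Server side: recomputing the digest needs the cleartext secret,
    so the account store cannot keep only a salted password hash."""
    expected = apop_digest(greeting, stored_cleartext)
    return hmac.compare_digest(expected, claimed.lower())

def fetch_count_over_tls(host: str, user: str, password: str,
                         implicit: bool = True) -> int:
    """Preferred: authenticate only inside TLS (implicit TLS, or upgrade first)."""
    ctx = ssl.create_default_context()  # verifies certificate chain and hostname
    if implicit:
        conn = poplib.POP3_SSL(host, 995, context=ctx, timeout=10)
    else:
        conn = poplib.POP3(host, 110, timeout=10)
        conn.stls(context=ctx)  # upgrade before any credentials are sent
    try:
        conn.user(user)
        conn.pass_(password)
        return conn.stat()[0]  # number of messages in the mailbox
    finally:
        conn.quit()

if __name__ == "__main__":
    digest = apop_digest(GREETING, SECRET)
    print("APOP mrose", digest)
    print("verified:", server_verify(GREETING, SECRET, digest))
```

`fetch_count_over_tls` needs a reachable POP3 server and is not called when the file is run directly; the digest functions run offline.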

Author by

Anjan Baradwaj

Updated on August 15, 2022

Comments

  • Anjan Baradwaj
    Anjan Baradwaj over 1 year

    I was going through the protocols that are used in email applications (specifically POP and APOP) and I happened to come across this answer somewhere. It says

    Short for Authenticated Post Office Protocol, it is similar to the POP protocol except that APOP enables your password to be encrypted while being transmitted over the network. Using POP mail, when you authenticate your username and password in your e-mail client, your password is sent over the network in plain text. If your e-mail client uses APOP, then the password is encrypted while being transmitted. APOP prevents hackers from seeing your password information with sniffer programs.

    My question is: Is that the major difference between APOP and POP? Is the password not encrypted when POP protocol is used? If not, will it not cause security concerns?

  • Steffen Ullrich
    Steffen Ullrich over 10 years
    HTTPS is HTTP (e.g. web traffic) over TLS; POP3 over TLS is instead called POP3s.