On Wed, 2004-01-28 at 20:04, Glenn Remstedt wrote: > hi list, > > Someone has sniffing my POP3-passwd by monitoring > my Broadband(ISP) connection. > Are there someone how do know to encrypt a POP3 passwd? > Does the ISPs MailServer have to support it? Hi Glenn, it all depends on what is supported by your ISP. Yes, there are many ways to encrypt a POP3 password. I think one of the best way is DIGEST-MD5. All linux email clients that i am aware of, support all standard encryption mechanism (login, apop, cram-md5, digest-md5 and gssapi based mechanism) and, as far as i know, at least evolution and kmail have a option to test whether your POP3 server is using one of those mechanism. Even more, you can always encrypt all the connection by way of standard STARTTSL commands, and you can use both ssl encryption and password encryption simultaneously. However, most of ISP do not support starttsl and only support login (which is pretty useless, extremely easy to crack) and apop (good enough). You cannot force something that is not supported by your pop3 server, though. I suggest you to check what your pop3 server support. And if you want to know more about email system, google around with smtp_auth and starttsl as keywords. HTH E.
