Account Security

e-mail



It is technically possible for someone to set up what is known as a "sniffer" on a network. This is a program which looks at the content of the packets on the network as they float by. Generally, this is done to try and discover a user's password, which is often transmitted in plain text by many programs. Such a sniffer could be located anywhere on the path between you and our server.

When you check your e-mail, POP3 transmits your password in plain text, so it can be easily "sniffed". For this reason, we support both POP3 and APOP authentication. If you use APOP authentication, your password is not sent to the server. Instead, your e-mail client sends a "fingerprint" to the server which is used to prove that your e-mail client knows your password. To make a long story short, using APOP makes it impossible for your password to be "sniffed". For this reason, we highly recommend that you use APOP instead of POP3 if your e-mail client supports it. (It will be listed in your e-mail client's settings somewhere if it does...)

Note that even if your e-mail client does not support APOP, it is still possible to encrypt your password by setting up an SSH tunnel. Click here for more details.