What is APOP

When your email client connects to your mail server over a regular POP3 connection, your login and password are sent in plain text across the network (i.e. the internet). Someone who wants to get at your password therefore has a good chance of capturing it.

APOP is an alternative to sending a login/password combination to the server. With APOP, your mail client encrypts the timestamp sent by your server with a secret key and sends back the encrypted version. The mail server can then tell whether you know that secret key. Since the timestamp changes each time a connection to the server is made, an intruder cannot reuse a captured encrypted timestamp to log in himself.
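An added example (not POPFile's code and not part of the original page) of the exchange described above. In RFC 1939 the "encrypted timestamp" is an MD5 digest of the server's timestamp followed by the shared secret. The greeting and secret below are the RFC's sample values, while the second timestamp and all function names are constructed for illustration.

```python
import hashlib
import hmac
import re

# Sample data: greeting and shared secret from the RFC 1939 APOP example.
GREETING = "+OK POP3 server ready <1896.697170952@dbc.mtview.ca.us>"
SECRET = "tanstaaf"


def extract_timestamp(greeting):
    """Return the <...> timestamp from the greeting, or None if APOP is not offered."""
    match = re.search(r"<[^<>\s]+@[^<>\s]+>", greeting)
    return match.group(0) if match else None


def apop_digest(timestamp, secret):
    """Client side: MD5 over the timestamp (angle brackets included) plus the secret."""
    return hashlib.md5((timestamp + secret).encode("ascii")).hexdigest()


def server_verify(issued_timestamp, secret, client_digest):
    """Server side: recompute the digest for the timestamp issued on this
    connection and compare it in constant time."""
    expected = apop_digest(issued_timestamp, secret)
    return hmac.compare_digest(expected, client_digest.lower())


def demo():
    ts_first = extract_timestamp(GREETING)
    captured = apop_digest(ts_first, SECRET)  # what an eavesdropper would see
    # Constructed timestamp standing in for the server's next connection.
    ts_next = "<1897.697170999@dbc.mtview.ca.us>"
    return {
        "first_login": server_verify(ts_first, SECRET, captured),
        "replayed_digest": server_verify(ts_next, SECRET, captured),
        "fresh_digest": server_verify(ts_next, SECRET, apop_digest(ts_next, SECRET)),
    }


if __name__ == "__main__":
    print(demo())
```

The replayed digest fails because the server only accepts a digest computed over the timestamp it issued on the current connection.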

POPFile supports this login mechanism. See the APOP FAQ entry.

PS: The meaning of the 'A' in APOP remains a mystery. It is often expanded to 'Authenticated', but even without the use of APOP, POP3 is authenticated. Perhaps it should be expanded to 'really Authenticated'?

 
glossary/apop.txt · Last modified: 2008/02/08 19:49 by 127.0.0.1

The content of this wiki is protected by the GNU Free Documentation License