|OLIN BUSINESS SCHOOL||
Securing POP/IMAP/SMTP using SSL and SPA
Outlook Express and other programs that use POP or IMAP to download mail and SMTP to transfer mail, send all of their communciations as unencrypted text or cleartext. If someone was monitoring network traffic and capturing the traffic between your mail program snd the mail server, they would be able to read everything you are sending and receiving, including your password. With our switched network, it is difficult for someone to capture traffic; however, traffic sent to the Internet or to other parts of campus may be vulnerable as they pass through other networks outside of our control.
To protect against someone intercepting your mail and/or password, we have enabled Secure Sockets Layer or SSL on the mail server. SSL is the same protocol used to secure web pages where you enter passwords or credit card numbers. Using SSL, you can encrypt all commucniations sent using POP, IMAP, and SMTP if your mail program supports it. SSL encrypts both your mail and your password.
We have also enabled Secure Password Authentication or SPA. If you use SPA to logon, you will be prompted to enter your username, password, and domain (OLIN). This logon method does not actually send your password to the server. Instead it use a challenge-response mechanism to logon. SPA only protects your password. It does not protect your messages. You do not need to use SPA if you are using SSL because using SSL will also encrypt your password.
All you need to do to enable this protection is to configure your mail program to use a secure connection. In Outlook Express, you can do this as listed below. If you are using Eudora or other programs, see the online help for specifci instructions.
- Open Outlook Express.
- From the Tools menu, select Accounts.
- Select your mail account and click Properties.
- Select the Servers tab.
- Select the Advanced tab.
- Under Outgoing mail (SMTP)" check the box next to "This server requires a secure connection(SSL)". If you use Norton AntiVirus, make sure you disable virus scanning of outgoing mail.
- Under Incoming mail" check the box next to "This server requires a secure connection(SSL)"
- Click OK and then Close.