Re: Blocking POP3 and IMAP

[Alex Everett <alex.everett () UNC EDU>]

Gary:

Any thought on using the more secure versions of these protocols?
I think exchange supports SSL/TLS with most of these protocols.
There may be a setting to only allow secure connections.

I am assuming the concern was plaintext data across the Internet?

-Alex

  _____

From: Hammon, Gary [mailto:ghammon () STONEHILL EDU]
Sent: Thursday, October 11, 2007 2:16 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Blocking POP3 and IMAP


I recently joined the Security listserv, and searched the archives looking
for any trend regarding blocking inbound POP3 and IMAP.

We think we have finally moved beyond any 'business need' to allow these
protocols for email. We have an Exchange environment that has web access
etc., but there are a small number of folks who simply prefer not to change.

I am hoping that I can say that it would be a best practice to eliminate the
POP3 and IMAP protocols.

I am hoping that other institutions have already started to eliminate the
protocols, or know that it is a good idea/best practice to eliminate these
protocols (ignoring the political firestorm of course!).

Thank you for any feedback on this,

Gary

Gary Hammon
CIO
Stonehill College
Easton, MA  02357

Attachment: smime.p7s
Description: