[MlMt] Security

Steven M. Bellovin smb at cs.columbia.edu
Wed Jan 17 08:06:11 EST 2018

Previous message: [MlMt] Security
Next message: [MlMt] Security
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 17 Jan 2018, at 5:51, Benny Kjær Nielsen wrote:

> On 17 Jan 2018, at 8:33, Fabian Blechschmidt wrote:
>
>>> Is my password to my email account or my email address stored  
>>> anywhere?
>>
>> The password can (not must) be stored in the Mac OS X keychain.
>>
>>> Or sent anywhere?
>>
>> MailMate is not "cloud" - so except the mail server itself I assume 
>> it stays on your machine.
>>
>>> Is there any assurance of that?
>>
>> I hope Benny will answer your mail too and back me up :-)
>
> I back you up. Only thing to add is that one should make sure that SSL 
> is always enabled such that a password is never sent to the IMAP/SMTP 
> server in plain text. Note that most proper email servers wouldn't 
> even allow non-SSL connections.
>
What authentication options that don't involve sending passwords does 
MailMate support? Is there a way to configure MM to use only one of 
these safer options if available? I know that I use it with an IMAP 
server that only supports CRAM-MD5 and DIGEST-MD5. There are others 
possible, such as client-side certificates.  (To the original querier: 
if you control your IMAP server, disable plaintext password logins.)


         --Steve Bellovin, https://www.cs.columbia.edu/~smb

Previous message: [MlMt] Security
Next message: [MlMt] Security
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the mailmate mailing list